> ## Documentation Index
> Fetch the complete documentation index at: https://docs.extractbase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SameSite

Specifies the SameSite attribute for cookies, controlling how cookies are sent with cross-site requests. Helps prevent cross-site request forgery (CSRF) attacks.

## Definition

```graphql theme={null}
enum SameSite {
  STRICT
  LAX
  EXTENDED
  NONE
}
```

## Values

### `STRICT`

Cookies will only be sent in a first-party context and not with requests initiated by third-party websites.

### `LAX`

Cookies are not sent on cross-site subrequests (e.g., to load images or frames), but are sent when a user navigates to the origin site from an external site (e.g., by following a link).

### `EXTENDED`

This is a legacy value and should generally not be used. Modern browsers may treat it as \`LAX\` or \`NONE\` depending on context.

### `NONE`

Cookies will be sent in all contexts, both first-party and cross-origin. Requires the \`Secure\` attribute to be set.
