Storage-partition test · merchant cell
This page plays a merchant site embedding the key-holder iframe (the "prove.com" stand-in, hosted on the POC Connector). The key ID the iframe reports identifies which storage bucket this embedding context sees.
What this cell reports
top-level origin
top-level site (eTLD+1)
expected partition
key reported by iframewaiting for iframe…
bucket status…
visits in this bucket…
The key-holder iframe (live)
Test matrix — open each cell, compare key IDs
Measured 2026-07-07 — Chrome: 1 ≡ 2 ≠ 3 ≠ 4 (same top-level site → same partition across subdomains; cross-site isolated; first-party separate). Measured — Safari: 1 ≠ 2 ≠ 3 ≠ 4 — stricter than the documented site-keyed model: no subdomain sharing at all, and third-party storage is also ephemeral (quit Safari and revisit → cells 1–3 mint new keys; only cell 4's may survive, and only if visited within 7 days of interaction). Firefox: expected to match Chrome — pending.
- Subdomain sharing: open cells 1 and 2 — matching IDs proves one iframe key covers all of a merchant's subdomains.
- Cross-merchant isolation: open cell 3 — a different ID proves the cross-merchant fallback is partitioned away.
- First-party baseline: open cell 4 (key holder top-level) — its ID is the unpartitioned bucket.
- Chrome SAA: after visiting cell 4 and clicking anywhere on it, come back here and press the SAA button inside the iframe — if granted, the unpartitioned ID it prints should match cell 4's.
- Safari ephemerality: note the IDs, quit Safari fully, reopen — cells 1–3 will have minted fresh IDs.