Can someone explain to me what `sameSite=’lax’` means?

I need someone to explain to me what lax means, I don’t understand, break it down for me.

From MDN:


The SameSite attribute accepts three values:

Cookies are allowed to be sent with top-level navigations and will be sent along with GET request initiated by third party website. This is the default value in modern browsers.

Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.

Cookies will be sent in all contexts, i.e sending cross-origin is allowed.

None used to be the default value, but recent browser versions made Lax the default value to have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.

None requires the Secure attribute in latest browser versions. See below for more information.

Go to Source
Author: Joseph K.