
Private Aggregation API: ignoring site exceptions for debug mode

Category: Miscellaneous
Type: No developer-visible change
Status: Enabled by default (Chrome 132)
Intent stage: None

Summary

Currently, the availability of Private Aggregation’s debug mode is tied to a caller's eligibility to set a third-party cookie (see https://chromestatus.com/feature/5148973702840320). However, an edge case was missed in this logic: if the caller can only set a third-party cookie due to a top-level site exception (i.e. the user has generally disabled third-party cookies), this could allow access to information set from other sites that are not on the exception list. To avoid this issue, we plan to start ignoring these top-level site exceptions when determining the availability of Private Aggregation’s debug mode. (It is not possible in Chrome to generally enable third-party cookies but disable them on one site, so the inverse case doesn’t need to be considered.) This does not require a spec change. Note that this new behavior can reveal to the site that the user has generally disabled third-party cookies.
