This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 86 "Total Cookie Protection": I want no "automatic exceptions"

  • 1 reply
  • 1 has this problem
  • 24 views
  • Last reply by TyDraniu

more options

Quoted from: https://www.theregister.com/2021/02/24/firefox_cookies_86/ ..."it's Total Cookie Protection With Some Exceptions, Handled Automatically" ..."Meanwhile, Google and its ad tech frenemies are racing to develop various Privacy Sandbox proposals so they can implement behavioral ad targeting"

I don't WANT exceptions! Behavioral ad targeting is exactly what I'm trying to avoid. I don't want Google shaping my searches and influencing my opinions by "telling me what I want to hear"...it thinks! Total Cookie Protection sounded exciting until I read this. How do we force it to work "without automatic exceptions"?

I was excited about this new feature because it might allow me to stay logged in to sites like Google and Amazon without their infamous tracking and search-shaping. If not this setting is pretty useless.

Quoted from: https://www.theregister.com/2021/02/24/firefox_cookies_86/ ..."it's Total Cookie Protection With Some Exceptions, Handled Automatically" ..."Meanwhile, Google and its ad tech frenemies are racing to develop various Privacy Sandbox proposals so they can implement behavioral ad targeting" I don't WANT exceptions! Behavioral ad targeting is exactly what I'm trying to avoid. I don't want Google shaping my searches and influencing my opinions by "telling me what I want to hear"...it thinks! Total Cookie Protection sounded exciting until I read this. How do we force it to work "without automatic exceptions"? I was excited about this new feature because it might allow me to stay logged in to sites like Google and Amazon without their infamous tracking and search-shaping. If not this setting is pretty useless.

Modified by gggirlgeek

All Replies (1)

more options

It looks like the preference network.cookie.rejectForeignWithExceptions.enabled enables the feature.

In order to prevent login and other flows from breaking, we added some exceptions to cookie and storage blocking. For example, if the website called the Storage Access API to request storage access or if the user went through a flow that looked like a login, we would allow the third-party cookie and storage access.

We also have a stricter cookie behavior “1” (BEHAVIOR_REJECT_FOREIGN) [1]↓ that blocks all third-party cookies and storage, regardless of whether or not Disconnect has classified the third party as a tracker. We’ve seen this setting cause breakage in the past. We’d like to see if the heuristic exceptions we use in our tracking cookie blocking will fix that breakage.

We’ve added a new pref network.cookie.rejectForeignWithExceptions.enabled to enable the cookie blocking exceptions for cookie behavior “1” so that we can test the web compatibility effects of blocking all third-party cookies when there are exceptions. The pref will be enabled by default in Nightly only. This means that if you have all third party cookies blocked in Nightly, you may sometimes receive third-party cookies if you trigger Gecko’s internal heuristics or the Storage Access API is called by the website.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1625568

[1] network.cookie.cookieBehavior:

  • “0” (BEHAVIOR_ACCEPT) - accept all cookies
  • “1” (BEHAVIOR_REJECT_FOREIGN) - any 3rd party context doesn’t receive/send cookies and it’s unable to use storage APIs.
  • “2” (BEHAVIOR_REJECT) - cookies and storage APIs are disabled everywhere
  • “3” (BEHAVIOR_LIMIT_FOREIGN) - unknown 3rd party contexts do not receive/send cookies and they are unable to use storage APIs
  • "4” (BEHAVIOR_REJECT_TRACKER) - to simplify, we deny the use of cookies and storage APIs for any 3rd party contexts classified as trackers.
  • “5” (BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN) - it’s ETP, plus, dFPI (dynamic first-party isolation) for third-party contexts. This cookie policy is not yet exposed and is under active development.