Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Google sets cookies in private mode

  • 6 replies
  • 18 have this problem
  • 2 views
  • Last reply by RNNR

more options

I have set Firefox to always load in Private mode through about:config and through the Privacy settings panel. Despite this, I see an NID cookie from google every time I open a window. Even when I do a clean exit and start afresh, the cookie is there. I can use a cookie manager to delete the cookie but it always reappears. I even have google blocked in the cookie exception setting and don't use google as my default search provider.

I'm on a Mac running FF 46.0.1.

I thought Private mode was not supposed to do this.

I have set Firefox to always load in Private mode through about:config and through the Privacy settings panel. Despite this, I see an NID cookie from google every time I open a window. Even when I do a clean exit and start afresh, the cookie is there. I can use a cookie manager to delete the cookie but it always reappears. I even have google blocked in the cookie exception setting and don't use google as my default search provider. I'm on a Mac running FF 46.0.1. I thought Private mode was not supposed to do this.

Chosen solution

Ok. Although I don't fully understand why it is implementing Safe Browsing when it is disabled, I will adjust my browsing accordingly. Thanks for the quick feedback.

Read this answer in context 👍 5

All Replies (6)

more options

Some Google cookies are used for the safe browsing component (phishing protection) and you can't remove these special cookies permanently.

more options

According to Google's own pages: https://www.google.com/policies/technologies/types/

"Google uses cookies like NID and SID to help customize ads on Google properties, like Google Search. For example, we use such cookies to remember your most recent searches, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. This helps us to show you customized ads on Google."

This doesn't seem like safe browsing.

more options

as cor-el has mentioned this is most likely a sandboxed google cookie from the connection to retrieve the safebrowsing list from their server. you can test it by disabling the blocking of reported attack sites and web forgeries in the firefox menu ≡ > options > security panel...

more options

I tried disabling the two settings and the cookie comes back. I can delete it with a cookie manager and it is restored within a minute or two.

more options

Here are the HTTP response headers from one of the safebrowsing-update requests that include a request to create a NID cookie as seen with the Live Http Headers extension.

https://safebrowsing.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=47.0.1&pver=2.2&key=xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxx_xxxxxx

HTTP/2.0 200 OK
Content-Type: application/vnd.google.safebrowsing-update
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info."
x-content-type-options: nosniff
Server: HTTP server (unknown)
Content-Length: 737
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: NID=82=xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; expires=Sun, 15-Jan-2017 22:58:08 GMT; path=/; domain=.google.com; HttpOnly
Alternate-Protocol: 443:quic
Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32,31,30,29,28,27,26,25"
Expires: Sat, 16 Jul 2016 22:58:08 GMT
Cache-Control: private
X-Firefox-Spdy: h2
more options

Chosen Solution

Ok. Although I don't fully understand why it is implementing Safe Browsing when it is disabled, I will adjust my browsing accordingly. Thanks for the quick feedback.