Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Why do I get cookies from blocked sites?

  • 12 uphendule
  • 3 zinale nkinga
  • 12 views
  • Igcine ukuphendulwa ngu cor-el

more options

I have assumed that if I block cookies from a site, then no cookies from that site should ever appear, right?

Yet just five minutes ago, when recovering the credentials for this account, I had somehow gotten cookies from google.com and google.fi even though both sites are blocked.

As I didn't know which cookies I need to allow to login here I had temporarily switched my default to "allow cookies" + "never allow 3rd party cookies". I thought that the list of blocked sites would still trump the default setting. Which brings me to my questions:

A) Will the "Exceptions" list in Options-> Privacy & Security overrule the default setting (allow/disallow). I have assumed it does, but something must have gone wrong.

B) Why would retrieving my credentials to this site cause a cookie from Google to be downloaded? When i) Google is blocked, ii) 3rd party cookies are blocked?

I have assumed that if I block cookies from a site, then no cookies from that site should ever appear, right? Yet just five minutes ago, when recovering the credentials for this account, I had somehow gotten cookies from google.com and google.fi even though both sites are blocked. As I didn't know which cookies I need to allow to login here I had temporarily switched my default to "allow cookies" + "never allow 3rd party cookies". I thought that the list of blocked sites would still trump the default setting. Which brings me to my questions: A) Will the "Exceptions" list in Options-> Privacy & Security overrule the default setting (allow/disallow). I have assumed it does, but something must have gone wrong. B) Why would retrieving my credentials to this site cause a cookie from Google to be downloaded? When i) Google is blocked, ii) 3rd party cookies are blocked?

All Replies (12)

more options
more options

How does deleting a cookie (after it has done its damage) stop my laptop from getting infected by it in the first place?

How does this explain why visiting this site caused that cookie to get installed in spite of its originating site being blacklisted?

more options

Blocking cookies is a no fool proof here they can change and use different means. So what you can block they will just change to something else. And some sites if you block cookies from them will in turn get you blocked as well. So it goes both ways not just one way. Their are legit cookies to be had with tracking to streaming movie site to restricted sites. So not all cookies are bad and some do have security protocols for their usage. And since we don't know what site your talking about this is far to general to help with. Otherwise you need to contact that site and ask them about their cookies.

more options

I know. The sites need cookies that keep my login credentials, shopping cart contents and such. It's cookies and scripts from third parties such as google, quantserve and such that I want to protect myself against. It used to be possible to configure Adblocker to also filter elements other than ads. I need to do more homework here.

Reaching for my tinfoil hat...

You do know that selective treatment of cookies is IMHO a MAJOR selling point for Firefox. No other major browser gives a s¤%& about such privacy settings.

more options

I have repeatedly tried to set cookies to "always" and then establish exceptions, like The Washington Post. Firefox does not recognize the Post as an exception, even though while on a WaPo page right-clicking to View Page Info/permissions shows that block has been selected (suggesting but not perhaps proving that I have not typed the wrong url). Security shows six cookies. Only if I de-select "always" accept cookies can I visit the Washington Post without getting six cookies. Is this a bug or is there a solution?

more options

Hi SoCal, a reliable way to create exceptions is to use the Page Info dialog. However, this would be after loading the page, so you won't be able to avoid the first set of cookies if you have Firefox set to always accept them. Here's how:

Call up the Permissions panel of the Page Info dialog using any of these:

  • right-click a blank area of the page and choose View Page Info > Permissions
  • (menu bar) Tools menu > Page Info > Permissions
  • click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions

Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer.

There's no save button for this dialog, changes are saved as you go, so you can close it after that. You can compare the way Firefox set up the exception back on the Options page.

more options

Thank you, jscher2000. I have done this (more than once). I just did it again: I started with accept/always, with the Washington Post an exception set to block, and no current cookies from the Post. I then went to the Washington Post. There, my View Page Info Permissions shows the block, but Security shows six cookies again. Checking back with Preferences/show cookies, those six cookies appear. Somehow the Post seems able to override my choices, which sure sounds like a Firefox security lapse.

more options

Hi SoCal, you're right about the Washington Post. Firefox's Permissions panel saves

Set Cookies: Block for https://www.washingtonpost.com

but in order to block the cookies, as you can see when you look at the "Show Cookies" dialog, the permission needs to be

Set Cookies: Block for https://washingtonpost.com

-- no www.

I wonder whether that is a new problem because it could affect a lot of site.

more options

Update: I have discovered that www.nytimes.com changes from what I select (block) to "allow." You can try this yourself -- please. I also found a cookie from a site that I never heard of (awfulannouncing.com, which a Google search says claims to be a sports fan site) -- and after setting awfulannouncing.com to block, it reappeared as allow. It seems obvioius to me that Firefox users cannot use accept/always and expect to create block exceptions that actually work for all sites.

more options

Thank you again, jscher2000: blocking https://www.washingtonpost.com does seem to work, and that fix seems to work for the NYTimes as well. I hope that Mozilla can see to it that View Page View/Permissions does not show "block" when there is no block because of a variation in the url.

more options

Edit: I meant omitting the www worked.

more options

You can compare the domain in the block exception with the domain (path) of the cookies to determine what block or allow exception(s) you need. That is also useful for website that do not work without allowing specific third-party cookies.