I was surprised today to visit a site and notice the "permissions" icon appear at the left of the address bar, showing me that cross-site cookies were allowed for this si… (read more)
I was surprised today to visit a site and notice the "permissions" icon appear at the left of the address bar, showing me that cross-site cookies were allowed for this site. I have Enhanced Tracking Protection set to "Strict", so obviously this was a worrying thing to happen.
Looking into it a bit further, it seems Firefox provides a backdoor for cross-site cookies: https://support.mozilla.org/en-US/kb/third-party-trackers?as=u&utm_source=inproduct#w_managing-cross-site-cookies
- "While cross-site cookies from trackers are blocked in Firefox by default, a site may signal to the browser that it needs to use them for important functionality. In this case, Firefox will allow a third-party website to use cross-site cookies the first five times (or up to 1% of the number of unique sites you visit in a session, whichever is larger) without prompting you. After that, Firefox will prompt you to block these cookies. Without your consent, Firefox blocks these cookies from that point because a site requesting access that many times may be a tracker."
This is most definitely not what I want!
I want every cross-site cookie to be blocked by default, unless and until I explicitly approve it. Is there an about:config preference I can set to achieve this?