Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

I would like to enable third party cookies *only* when browsing in a private window

  • 4 replies
  • 1 has this problem
  • 27 views
  • Last reply by rparkins

more options

Firefox allows me to set protection so that third party cookies are allowed in normal windows, but not in private windows. I think it makes more sense to have it the other way round. Generally I don't want third party cookies: most of them are trackers or do something else undesirable. However some sites won't work if third party cookies are disabled. If I open such a site in a private window, all cookies set by the site will be thrown away when the window is closed, so third party cookies won't be seen by any other site and are relatively harmless. Currently (78.1.0esr 64-bit) I can turn off enhanced tracking protection for such sites, but I have to do it every time I open a private window, and for each site I visit in that window. I would like to be able to make that the default for private windows.

Firefox allows me to set protection so that third party cookies are allowed in normal windows, but not in private windows. I think it makes more sense to have it the other way round. Generally I don't want third party cookies: most of them are trackers or do something else undesirable. However some sites won't work if third party cookies are disabled. If I open such a site in a private window, all cookies set by the site will be thrown away when the window is closed, so third party cookies won't be seen by any other site and are relatively harmless. Currently (78.1.0esr 64-bit) I can turn off enhanced tracking protection for such sites, but I have to do it every time I open a private window, and for each site I visit in that window. I would like to be able to make that the default for private windows.

All Replies (4)

more options

Hi

You can alternatively create cookie allow exceptions for specific third-party domains if a website isn't working properly. You may have to allow all cookies temporarily to see what third-party domains are used.

See also network.cookie.thirdparty prefs on the about:config page.

more options

Yes, I knew that I could do that. The problem with it is that a cookie set under a cookie allow exception persists either permanently or for the current Firefox session. So if it is a tracking cookie the site can track me at least until I close Firefox, which I don't want.

Firefox doesn't provide a way of allowing a cookie to persist only until I move from the page, which would prevent tracking. However a site which don't work without setting third party cookies may well be relying on the cookie persisting as it redirects me between pages. Opening the site in a private window allows cookies to persist between pages, but (as long as I open each site in a separate private window) doesn't allow me to be tracked between sites.

If I set up a cookie allow exception, then any site can set or read that cookie, so to prevent cross-site tracking I would need to open every site either in a private window or in a container specific to that site.

I can tell Firefox that a particular site is always to be opened in a container specific to that site, however I have reported bug 1661472 where it seems to be able to set a third party cookie as the site is entered, so this doesn't prevent cross-site tracking either.

My proposed improvement does prevent cross-site tracking, because third party cookies would only be allowed to be set in a private window. Ideally I would want to be able to specify that a particular site should always be opened in a private window as well, but that would need to be a separate post.

It's worth noting that Firefox has released an extension that prevents cross-site tracking using Facebook third party cookies, so the developers know that this is a real problem, but this extension isn't scalable to all the other sites which use third party cookies for tracking.

more options

Note that all Private Browsing mode windows share the same PB mode cookie jar and this cookie jar is only purged when you close all PB mode windows. To isolate cookies, you can consider to use containers.

more options

"Note that all Private Browsing mode windows share the same PB mode cookie jar"

I didn't know that: the documentation doesn't make it very clear.

In that case I think we need an alternative solution to the problem of allowing a site to set third party cookies (since some don't work without) without allowing these cookies to be seen by any other site (which would permit cross-site tracking).