Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

when adding a cookie exception for a site. http is automaticly added to have to add https for a complete excpetion

  • 5 replies
  • 2 have this problem
  • 78 views
  • Last reply by P1h3r1e3d13

more options

I want to add an cookie exception for a website. When i look at the cookies installed in firefox it doesn't say its http or https

When i want to make an exception (i delete all cookies when exit the browser) for a site it adds http to the domain.

Do i need to make an exception for the domain with http and https? Why can't i make a *.domain.com exception

Why can't i make the exception from the cookie overview window?

I want to add an cookie exception for a website. When i look at the cookies installed in firefox it doesn't say its http or https When i want to make an exception (i delete all cookies when exit the browser) for a site it adds http to the domain. Do i need to make an exception for the domain with http and https? Why can't i make a *.domain.com exception Why can't i make the exception from the cookie overview window?

Chosen solution

patrick_31 said

but is there any logic why it adds a http to the exceptions list when it is not relevant for the domain

It is relevant. An "http://example.​com" rule allow/blocks cookies from http://example​.com. An "https://example​.com" rule blocks cookies from https://example​.com. When you put in a domain without a protocol, Firefox assumes you mean http. For more explanation, see my question here.

patrick_31 said

For example when I make an exception for lastpass,com I have cookies for six other domains from lastpass. how can i block for example blog.lastpass.com

Make a block rule for "blog.lastpass​.com." Probably also for "https://blog.lastpass​.com".

Read this answer in context 👍 0

All Replies (5)

more options

You don't need the wildcard. An exception for `example.com` will cover `a.example.com`, `b.example.com`, `x.y.foo.bar.example.com`, etc.

The HTTP/HTTPS question is a good one.

more options

Note that you shouldn't use "Clear history when Firefox closes" to clear Cookies and Site Preferences if you want to keep specific cookies via an Allow exception.


In case you use "Clear history when Firefox closes" or otherwise clear history.

  • do not clear the Cookies
  • do not clear the Site Preferences
  • clearing "Site Preferences" clears exceptions for cookies, images, pop-up windows, and software installation and exception for password and other website specific data
  • clearing "Cookies" will remove all selected cookies including cookies with an "Allow" exception you may want to keep
more options

but is there any logic why it adds a http to the exceptions list when it is not relevant for the domain

I also find it strange that when I look at 'Manage cookie and site data' there are different cookies for the same domain but also for sub domains.

For example when I make an exception for lastpass,com I have cookies for six other domains from lastpass.

how can i block for example blog.lastpass.com

more options

It is usually best to add the proper exception (protocol + domain) yourself to the Cookie Manager Exception window. If you use "Tools -> Page Info -> Permissions" then you might create an exception for a specific sub domain and that may not always work in case you need an exception for the top level domain.

more options

Chosen Solution

patrick_31 said

but is there any logic why it adds a http to the exceptions list when it is not relevant for the domain

It is relevant. An "http://example.​com" rule allow/blocks cookies from http://example​.com. An "https://example​.com" rule blocks cookies from https://example​.com. When you put in a domain without a protocol, Firefox assumes you mean http. For more explanation, see my question here.

patrick_31 said

For example when I make an exception for lastpass,com I have cookies for six other domains from lastpass. how can i block for example blog.lastpass.com

Make a block rule for "blog.lastpass​.com." Probably also for "https://blog.lastpass​.com".