Effective Secure Cookie Management

Martin Brinkmann
Dec 10, 2008
Updated • Dec 9, 2012
Security

What would effective and secure cookie management look like? Most users would probably answer that it would make use of whitelists, blacklists and temporary cookies. The whitelist would contain trusted sites that require cookies to function properly. Trust here means that you keep the cookies on your system even after closing the session, which makes working with the website more comfortable.

The blacklist would contain websites that should not be allowed to place cookies on the user's system. A die-hard approach would be to start every new site in the blacklist and move it to either the temporarily allowed sites or the whitelist when needed.

The temporary list would contain sites that would require cookies to work properly but that are not trusted enough - or where it is not necessary - to be placed in the whitelist.
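
The three-list model described above, written out as an added example (not code from the original article or from any browser). All names, including `CookiePolicy`, and the sample sites are constructed; letting the most specific domain rule win is an assumption, and unknown sites are blocked by default as in the die-hard approach.

```javascript
// Hypothetical three-list cookie policy: whitelist / temporary / blacklist.
class CookiePolicy {
  constructor() {
    this.rules = new Map(); // domain -> "allow" | "session" | "block"
    this.jar = [];          // stored cookies: { host, name, value, keep }
  }
  whitelist(domain) { this.rules.set(domain.toLowerCase(), "allow"); }
  allowTemporarily(domain) { this.rules.set(domain.toLowerCase(), "session"); }
  blacklist(domain) { this.rules.set(domain.toLowerCase(), "block"); }
  // Assumption: the most specific matching rule wins, so a subdomain can be
  // blocked under a whitelisted parent. Sites without a rule are blocked.
  decide(host) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const rule = this.rules.get(labels.slice(i).join("."));
      if (rule) return rule;
    }
    return "block";
  }

  // Returns true if the cookie was stored, false if policy rejected it.
  setCookie(host, name, value) {
    const verdict = this.decide(host);
    if (verdict === "block") return false;
    this.jar = this.jar.filter(c => !(c.host === host && c.name === name));
    this.jar.push({ host, name, value, keep: verdict === "allow" });
    return true;
  }

  // Closing the browser: only cookies from whitelisted sites survive.
  endSession() {
    this.jar = this.jar.filter(c => c.keep);
  }
}
// Constructed sample sites, one per list plus one unknown site.
function demo() {
  const p = new CookiePolicy();
  p.whitelist("example.com");
  p.blacklist("ads.example.com");
  p.allowTemporarily("shop.test");
  const stored = [
    p.setCookie("www.example.com", "sid", "1"),   // whitelisted parent
    p.setCookie("ads.example.com", "track", "2"), // blocked subdomain
    p.setCookie("shop.test", "cart", "3"),        // session only
    p.setCookie("unknown.test", "x", "4"),        // no rule: blocked
  ];
  p.endSession();
  return { stored, left: p.jar.map(c => c.host) };
}
```

After `endSession()` only the cookie from the whitelisted site remains; the temporarily allowed site worked during the session but left nothing behind.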

Firefox:

If you look at the cookie management features in a blank version of Firefox - that is, one without extensions - you notice that it already comes with a few of the features that are required. The basic settings are to accept cookies / third party cookies and to keep them until they expire (the expiry is set by the webmaster of the website), until you close Firefox, or to ask the user every time how the cookie should be handled.

There is also an option to add exceptions. Exceptions define how cookies from websites entered by the user are handled. Cookies of those websites can be allowed, blocked or temporarily allowed, which is exactly what we have been looking for.

Now while this might be everything needed, it is highly uncomfortable to work with. Permit Cookies is a Firefox add-on that makes the whole process easier.

Opera:

Cookie management in Opera does not come with an option to whitelist or blacklist websites. Users can accept cookies / third party cookies and can also make the browser disallow all cookies. There is an option to delete new cookies when exiting Opera and an option to ask the user whenever a new cookie is encountered.

The ability to manage cookies is different to that of Firefox. Opera users can manipulate cookie contents and delete already existing cookies. There is however no way to add exceptions.

Opera's Site Preferences make it possible to configure cookies per website visited.

This makes it possible to accept or block cookies for specific websites.

Google Chrome:

Google Chrome's cookie management consists of one pulldown menu with three options. Users can either allow all cookies, restrict third party cookies or block all cookies. It is possible to take a look at the cookies, with the option to search and to remove selected ones or all of them.

Internet Explorer 7:

Internet Explorer 7 comes with sufficient cookie management. Users can use a slider to pick one of six available cookie management options. These range from accepting all cookies to blocking them all. In between are restrictions for some first and third party cookies.

Internet Explorer 7 makes use of a whitelist and blacklist to permanently allow or block cookies of specified websites. It's also the only browser with options to override automatic cookie handling to configure first-party and third-party cookies in detail. At least in the main menu that is.

Conclusion:

Firefox and Internet Explorer provide the most options for their users to handle cookies. Everything that is not directly available in Firefox can be added with some extensions. Opera is the only browser that allows cookie manipulation but fails to provide a blacklist and whitelist. Google Chrome on the other hand offers miserable cookie management.

Opera is the web browser with the most extensive options for managing cookies. It is the only browser that makes it possible to manipulate cookies. Firefox users can add this option by installing add-ons for the browser. Both Firefox and Internet Explorer come with enough options to manage cookies including the possibility to whitelist or blacklist sites.

Google Chrome on the other hand is the only browser that has inferior cookie management, with no options to add websites to a whitelist or blacklist.


Comments

  1. cc said on December 14, 2008 at 2:12 am

    I used Permit Cookies for Firefox for a long time, but in the end realised it was quite limited. After trying a few, I found CS Lite ( https://addons.mozilla.org/firefox/addon/5207 ).

    On top of whitelists and blacklists, it also has a few other features I use regularly:
    – whitelist for session cookies
    – lists the last 10 sites that tried to set cookies (helpful to identify cookies that come from third party domains)
    – “temporarily allow cookies for this site”. Allows you to access restrictive sites without permanently adding it to your whitelist.

  2. Jojo said on December 11, 2008 at 2:57 am

    I’ve used FF Permit Cookies for some time. Works great.

    But there is one small problem to be aware of. If you go to a page that requires cookies and you then allow cookies via PC, the page may not recognize that you have allowed cookies. The solution is to close the page and then re-open it.

  3. operaised said on December 10, 2008 at 9:17 pm

    That was fast :)

    Keep up the good work Martin

  4. Martin said on December 10, 2008 at 8:35 pm

    operaised: I suspected as much but forgot about that option. Article was updated with the new information.

  5. operaised said on December 10, 2008 at 8:17 pm

    Opera actually has the option to whitelist cookies through “Site Preferences”.
    You can have “deny all cookies” enabled in the preferences.
    Then when in a site you want cookies enabled you can go in that site's site specific preferences and enable cookies.
    I personally have Opera delete all new cookies and disable that option for sites that I want to be left logged in (again through site specific preferences)
