Mozilla changes Firefox's cookie policy, improves user privacy

Martin Brinkmann
Feb 24, 2013
Updated • May 7, 2013

Many browser developers have added various features and options to their web browsers to improve the privacy of users on the Internet. All include a private browsing mode for instance now which users can make use of to prevent the saving of session related data on the computer system they are using.

Companies have also pushed forward the Do Not Track feature which tells websites that users do not want to be tracked. Do Not Track is not a mandatory feature though and it is up to each individually website and company to either comply with the request or ignore it.

Cookies, small data files saved to the local system when users connect to websites, are often used to track users on the web.A distinction is made between first party and third party cookies. First party cookies are saved by the domain a user is connecting to.

If you open the Reddit homepage for instance, any cookie send by Reddit to the local system is considered a first party cookie. Third party cookies on the other hand originate from scripts that are run on a site. A script like Google Adsense saves cookies on the system. It is allowed to do so because it is run on the site the user is connecting to.

firefox accept third party cookies visited sites screenshot

Mozilla two days ago announced a change to how the Firefox web browser is handing cookies in the future. Firefox from version 22 on will handle cookies in the following way:

  • First party cookies are still saved automatically unless the user has modified the preferences of the browser in this regard.
  • Third party cookies are only saved to the system if its origin has at least one cookie set already. So, if you go to a site that has a Facebook like button implemented, Facebook may not be able to set a cookie on your system unless you have been to the main Facebook website previously.

The new policy is not as strict as disabling all third party cookies using Firefox's preferences, but stricter than how Google Chrome is currently handling cookies (allow all).

Impact on site functionality should be minimal as third party cookies are usually not required for a site's functionality.  Some sites will break however as a consequence and it is not really clear how those will be handled when the patch lands in Firefox 22.

One suggestion that has been made was to accept third party cookies for a session and delete them once the session ends. This would remove the tracking aspect without interfering with site functionality.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. anonymous said on February 24, 2013 at 11:30 pm

    It would be nice if they eventually make it where the flash cookies can be seen and be separate as well.

    1. Martin Brinkmann said on February 25, 2013 at 3:26 am

      They will include other forms of storage in future upgrades.

  2. Nebulus said on February 24, 2013 at 2:16 pm

    I believe that this is a good idea, as long as the user keeps the option to set this to never or always (and from your screenshot it seems that it will).

  3. Transcontinental said on February 24, 2013 at 11:11 am

    I guess the default value for third-party cookies will be “always” as it will have been previously.
    In 12 years on the Web, I’ve never allowed 3d part cookies, IE as well as Firefox. I recall a problem once. There is no legitimate reason for those cookies, if required I ban the site from my occupations.

    1. Martin Brinkmann said on February 24, 2013 at 11:55 am

      As far as I understood it, Firefox 22 and newer will block third party cookies by default unless the originating server has set at least one first party cookie.

      1. Transcontinental said on February 24, 2013 at 1:59 pm

        OK. Good. Once you are aware of the number of users that stick on default settings whatever application it be, opting in (with security & privacy as references) is truly fair-play.

  4. ilev said on February 24, 2013 at 4:44 am

    Safari has this policy for years.

    1. Ahmad said on February 24, 2013 at 5:40 am

      Bug was parity safari so already know but thanks for sharing with others.

    2. Martin Brinkmann said on February 24, 2013 at 4:50 am

      Right, thanks for the tip btw.

      1. ilev said on February 24, 2013 at 10:48 am


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.