Network.cookie.cookieBehavior

Background

This preference controls how the browser allows cookies.

Possible values and their effects

0

All cookies are allowed. (Default)

1

Only cookies from the originating server are allowed.

2

No cookies are allowed.

3

Third-party cookies are allowed only if that site has stored cookies already from a previous visit (Firefox 22.0 and SeaMonkey 2.19 and later) (obsolete) Cookies are allowed based on the cookie P3P policy

UI

Firefox 3.0 and above

Tools -> Options -> Privacy / Cookies

• "Accept cookies from sites"
  • Accept third-party cookies

Note: Unchecking "Accept third-party cookies" will allow cookies from the originating server only.

Firefox 2.0

Tools -> Options -> Privacy / Cookies

• "Accept cookies from sites"

Note: The option to only allow cookies from the originating server was removed from the UI in Firefox 2.

Firefox 1.5

Tools -> Options -> Privacy -> Cookies

• "Allow sites to accept cookies"
  • "for the originating site only"

SeaMonkey

Edit -> Preferences -> Privacy & Security -> Cookies / Cookie Acceptance Policy

• Block cookies
• Allow cookies for the originating web site only (no third-party cookies)
• Allow third-party cookies for previously visited websites only (SM 2.19 and later)
• Allow all cookies

Mozilla Suite

Edit -> Preferences -> Privacy & Security -> Cookies / Cookie Acceptance Policy

• Allow all cookies
• Allow cookies for the originating web site only
• Block cookies
• Allow cookies based on privacy settings

Caveats

• Disabling cookies will break many sites that require you to log in.

First checked in

2003-06-14 by Daniel Witte

Has an effect in

• Netscape (all versions since 7.2)
• Mozilla Suite (all versions since 1.5)
• Phoenix (all versions)
• Mozilla Firebird (all versions)
• Mozilla Firefox (all versions)
• SeaMonkey (all versions)

Related bugs

• Bug 200632 - cookie rewrite, phase 3
• Bug 324397 – Third-party cookies should be blocked by default (flip the hidden pref)
• Bug 349680 – "Allow sites to set cookies for the original site only" missing from cookie preferences
• Bug 417800 – Revert to not blocking third-party cookies (was: 3rd party cookies should be *sent* even when blocked from being *set*)
• Bug 419596 – add third party cookie blocking option to cookie pref UI
• Bug 818340 - Block cookies from sites I haven't visited
• Bug 845353 - New 3rd-party cookie restriction to visited websites is default but not an option in Cookies pref pane

Related preferences

• network.cookie.lifetimePolicy

See also

• Cookies