To the Ministry's main lobby The Ministry Blog
concert setlists

26 March, 2008

Third-party cookie blocking in Firefox 2

In Firefox 1.5, I was accustomed to accepting cookies from most sites I chose to visit, but automatically blocking 'third-party' cookies set by advertisers, traffic counters, etc.

It couldn't have been easier: a setting under Tools -> Options -> Privacy -> Cookies allowed one to 'Allow sites to accept cookies' and 'for the originating site only'. However, it seems a number of cookie providers were exploiting a workaround to bypass the block, ignoring the user's wishes. Rather than encourage user complacency about a functionality which couldn't be relied upon, Mozilla removed third-party cookie blocking from the Firefox 2.0 user interface.

However, the functionality remains, for those fulfilling two conditions:

  • A willingness to edit settings via about:config, a powerful interface presumably designed to deter those who don't know what they're doing!
  • An understanding that it'll still allow some third-party cookies through.
Implementation is straightforward:
  • In about:config * , search for the network.cookie.cookieBehavior line. Right-click on this option and select 'Modify' from the pop-up menu.
  • The setting accepts three values:
    • 0: accept all cookies
    • 1: only accept cookies from the same server
    • 2: disable all cookies.
  • Choose '1'
  • Click 'OK'.
Subsequently, if you visit the 'Show Cookies' list, you'll see cookies from addresses you haven't visited. These are the ones which have used iFrames or similar to spoof the block. In a sense, they've done you a favour, as you'll know which addresses to manually add to the 'Blocked' list.

Despite it's unreliable performance, the third-party cookie block is popular with users, so the Mozilla development community have been re-examining it recently, and it seems a tightened block will be available in Firefox 3.

Thanks to T'other Neil for bringing this to my attention.

*: I'm deliberately not saying how to open 'about:config' – if you don't know that, you probably shouldn't be playing with the settings anyway....

Site Home Tull Tour History Annotated Passion Play
Day in the life... Page design and original graphics © NRT, 2003