Blog

Firefox Total Cookie Protection: per-site cookie jars, CORS, and cross-site POST requests

Firefox isolates cookies per first-party site—APIs that rely on third-party cookie context need redesign, not CORS tweaks alone.

Published: 2027-12-14Updated: 2027-12-161 min read

firefoxprivacycors

Containers

Multi-Account Containers duplicate storage—CORS policies must align across container profiles.

Temporary containers reset cookies—expect more auth flows in SPAs using shared APIs.

Firefox sends fewer default client hints—do not rely on UA-CH for CORS decisions.

Fingerprinting resistance may alter timing—preflight latency percentiles differ from Chrome.