Cookie partitioning keeps a third party's stored data separate for each top-level website you visit. The same embedded service can still remember something within one site, but it cannot automatically use that same cookie jar everywhere to assemble a cross-site trail.
The old shared-cookie model
A cookie is a small piece of site-controlled browser storage. First-party cookies help with sessions, preferences and carts. A third party embedded across many sites can also set or read cookies. Under the older shared model, an advertising or social domain could recognize the same identifier when it appeared on unrelated pages.
Firefox's Total Cookie Protection describes the new model as a separate cookie jar for each website. If an embedded domain stores an identifier while you visit one top-level site, the browser keys that storage to that context. Visiting another site produces a different compartment. Other browsers implement related partitioning systems with different names, scopes and compatibility rules.
Why this is not the same as deleting cookies
Deleting cookies removes stored values at that moment. Blocking all cookies can break sign-ins and embedded services. Partitioning instead changes where third-party state is available. A site can still keep its own session, and an embedded tool may still function inside the site where you used it.
- Your first-party login can remain active.
- An embedded service may have a different state on each website.
- Explicit access mechanisms can support legitimate cross-site sign-in flows.
- Fingerprinting, account-based tracking and server-side sharing are separate techniques.
When a site asks for access
Some embedded services genuinely need access to a broader identity—for example, a federated sign-in or a saved payment relationship. The web's Storage Access API gives embedded content a way to request unpartitioned cookie access under browser rules. That should be treated as a permission decision, not a routine pop-up to accept blindly.
If something breaks
First refresh and confirm the browser is current. If an embedded sign-in or payment frame fails, open the service directly in a new tab and sign in there. Use the browser's per-site exception only if you understand which site is requesting broader access. Turning off tracking protection globally trades a narrow compatibility fix for wider exposure.
What partitioning cannot promise
A signed-in platform can connect activity across its own services. Sites can share information on their servers. A browser fingerprint can combine device and software signals without relying on a classic cookie. Partitioning raises the cost of routine third-party cookie tracking; it does not create anonymity.
A practical privacy baseline
- Leave the browser's standard tracking protection enabled.
- Use per-site fixes before global exceptions.
- Review sites that are allowed broader cookie or storage access.
- Separate high-risk identities into different browser profiles when practical.
- Keep expectations realistic: storage protection is one layer, not the whole privacy system.
The important change is structural. Instead of asking people to clear every cookie repeatedly, the browser limits where a third party can reuse stored identity. That preserves more everyday functionality than a universal block while shrinking one of the web's easiest tracking paths.
Sources & methodology2 sources - evidence for this revision
The records below show what each source supports in this published revision.
- Introducing Total Cookie Protection in Standard ModeMozilla Supportreference - Retrieved Jul 12, 2026
What it supportsFirefox Total Cookie Protection maintains a separate cookie jar for each website.
- Storage Access APIMDN Web Docsreference - Retrieved Jul 12, 2026
What it supportsThe Storage Access API lets embedded content request access to unpartitioned cookies under browser controls.



