Cookie public suffix test

Every cookie is associated with the domain it came from; that way, sites can't read each other's cookies. Some websites have subdomains, like and; browsers let such sites set a less-specific domain (in this case, anything ending in so that all subdomains can see the cookie. However, the browser needs to make sure that a site can't set a cookie for, say, all sites ending in .com or (called "public suffixes"), because otherwise unrelated sites would be able to read and interfere with each other's cookies.

In order to do this, browsers need to know what domains parts represent a website (like, and what parts are public suffixes (like .com). Older browsers used simple algorithms for determining what's a public suffix; however, now there's a list of public suffixes, which includes not only ordinary top level domains like .com, .org,, etc., but also some hosting providers that allow anyone to create websites under their domain—including the one I'm using.

This page tests if your browser actually uses that list (and is reasonably up-to-date), or if it uses a simpler algorithm that would allow cookies available to all sites.


(results will appear here)