I use aggressive cookie blocking with exceptions for sites where I want to allow cookies. I use the Manage Permissions... button under Cookies and Site Data When setting a site exception, I use the format such as https://company.com with Allow for Session. This worked fine for all subdomains on company.com. Now I find that in order to get some sites to work, I need to add a specific subdomain with the Allow option Example 1: https://chase.com Allow for Session https://chaseonline.chase.com Allow (this exception was not required before FF67) Example 2: https://fidelity.com Allow for Session https://oltx.fidelity.com Allow (this exception was not required before FF67) I can find no explanation for this, nor any setting to avoid the issue. For sites using lots of subdomains it gets tedious trying to figure out which one to allow to make the site work.