There are different ways to set cookies, via network requests or JavaScript. For web developers it may not be obvious, where a cookie came from. Therefore there should be a column within the cookies list indicating the source of the cookie similar to the 'Cause' column for network requests. This column would then either contain a reference to the network request or the JavaScript source (if possible with line and column numbers) that set the cookie. In case the network request is not listed (anymore) within the Network Monitor, the column should at least contain the URL of the request. Sebastian

We *may* be able to get some information about the origin from the storage inspector but we will have to investigate that.

Filter on HOTFROG.

I have taken some time to investigate this and there doesn't appear to be any way to find out whether a cookie came from a network request or whether it was set by JavaScript. @Jason Is there any way we can tell if a cookie has been created using JavaScript or via a network a network request? In our devtools it would be great to have a way to find out.

Nick, I should know this but I don't--can you look into it? Sounds like we might need to export this info to XPCOM

Looks like the closest thing we have (which is totally not what we want, btw, so don't be fooled) is nsICookie2::isHttpOnly (which could definitely be taken as a sign that it was set via http if it's true, but it being false tells us nothing about the source). Doesn't look like we store the source info in the cookie itself, so we'd have to plumb that through (and properly serialize it to disk, and, and, and). That info is definitely available when set in the cookie manager (I've changed code based on that kind of thing before), so it's doable, but we'd have to be ok with old cookies not having source info until they get refreshed or removed & recreated. Probably not the end of the world.

(In reply to Nicholas Hurley [:nwgh][:hurley] (also hurley@todesschaf.org) from comment #5) > Doesn't look like we store the source info in the cookie itself, so we'd > have to plumb that through (and properly serialize it to disk, and, and, > and). That info is definitely available when set in the cookie manager (I've > changed code based on that kind of thing before), so it's doable, but we'd > have to be ok with old cookies not having source info until they get > refreshed or removed & recreated. Probably not the end of the world. Surely not. From a user point of view, this case might be handled by displaying something like "not available", or "unknown" with a tooltip explaining why. Sebastian

I have created bug 1437057 for implementing this and set it to blocking.