1.1.27 Ensure 'Block third party cookies' is set to 'Enabled'

Information

This policy controls whether web page elements from a domain other than that in the address bar is able to set cookies.

The recommended state for this setting is Enabled.

Rationale:

Allowing third-party cookies could potentially allow tracking of your web activities by third-party entities which may expose information that could be used for an attack on the end-user.

Impact:

Disabling third-party cookies could cause some websites to not function as expected (e.g., Microsoft 365 or Salesforce).

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Block third party cookies

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled - Users can change this setting.

See Also

https://workbench.cisecurity.org/files/3907

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|5.1

Plugin: Windows

Control ID: 57758962bf619766a08223e1bd1036e2bd4b9f3cc946d743c8b5bc68a31d41a1