Comment 34 for bug 44062

Interesting. I didn't realize that Set-Cookie2 already had a provision for
this. That's nice, but I wish they had just named the new request header
Cookie2 :-(

I agree that we'd need to expose a DOM API for this as well.

Anyways, my theory was that anything we do might break legitimate cookie usage.
 Afterall, consider "co.tv" which is an actual web server providing information
about getting a ".co.tv" domain. How would the blacklist solution work with
this? I'm also not too crazy about shipping with a default blacklist since that
implies a static web. What happens when new TLDs get created or change?