Comment 94 for bug 44062

This gets even more complicated as there are countries which mix both ways ie. company.at company.co.at and ohters which are selling secong level country domains, ie .de.zzz

You should disallow cookies without looking at the top level domain, if the second level is one of the usual co,or,gv or any valid top level domain (in place of the 2nd).