What does "whitelist cookies" mean?

Whitelisting cookies means adding a domain to an exception list so that its cookies (and optionally other site data) are preserved even when you clear cookies for everything else — manually, on browser exit, or on tab close via an extension.

Does Chrome have a built-in cookie whitelist?

Yes, partially. Under Settings → Privacy → Cookies → "Sites that can always use cookies" you can add domains. This whitelist exempts those domains from the "Clear on exit" toggle and from third-party cookie blocking. It does not affect per-tab auto-delete extensions.

What is the difference between Chrome's built-in whitelist and Guardian's whitelist?

Chrome's whitelist only exempts from "Clear on exit" and third-party blocking. Guardian's whitelist exempts from per-tab auto-delete, covers all storage types (cookies + localStorage + IndexedDB + Cache + Service Workers), supports wildcard patterns, and syncs across devices in Pro.

How do I whitelist subdomains?

In Chrome's built-in, prefix the domain with [*.] — for example, [*.]google.com. In Guardian, subdomain inheritance is on by default when you add a domain; you can disable it per rule if needed.

Will whitelisting a site let it track me?

Whitelisting keeps the site's cookies alive, which means the site can maintain your session and preferences — and also track you across visits if it chooses. Only whitelist sites you trust. Trackers embedded on other sites (third-party cookies) are controlled by Chrome's third-party cookie policy, not by your whitelist.

What is the greylist?

CookieVault Guardian's greylist is a middle ground — "keep for this session, clean next time." Useful for sites you visit occasionally where you want session continuity but no long-term cookie persistence. Chrome's built-in does not have an equivalent.

Can I export my whitelist?

Chrome's built-in does not have export/import. CookieVault Guardian does — Settings → Export → JSON. This is useful when setting up a new device or syncing manually across browsers that don't use the same account.

How many sites should I whitelist?

As few as possible. A typical user needs 5-10 entries (email, bank, code host, work tools, password manager). Every additional entry is a domain whose cookies persist across sessions, so keep the list tight and review it periodically.

How to whitelist cookies in Chrome

TL;DR: Chrome has a built-in “Sites that can always use cookies” exception list under Settings → Privacy → Cookies. For richer whitelist behavior — subdomain inheritance, wildcard patterns, greylist, and per-tab auto-delete exemption — use CookieVault Guardian’s whitelist instead.

Whitelisting cookies in Chrome is the practice of exempting specific trusted domains from any cookie-clearing policy — whether that is Chrome’s built-in “Clear on exit,” a manual bulk delete, or a per-tab auto-delete extension. The goal is simple: keep logins for the sites you use daily while everything else gets cleaned.

Two approaches compared

In short: Chrome’s built-in whitelist is adequate for “Clear on exit” users. Guardian’s whitelist is the upgrade for users who want per-tab cleanup, broader storage coverage, wildcard support, and cross-device sync.

Feature	Chrome built-in whitelist	CookieVault Guardian whitelist
Exempts from “Clear on exit”	Yes	N/A (Guardian is per-tab)
Exempts from per-tab auto-delete	No	Yes
Subdomain inheritance	Manual ([*.] prefix)	On by default
Wildcard patterns	No	Yes (*.googleapis.com etc.)
Greylist (session-only)	No	Yes
Covers localStorage / IndexedDB	No	Yes
Cross-device sync	No	Yes (Pro)
Export / Import	No	Yes (JSON)

Method 1: Chrome built-in whitelist

In short: Settings → Privacy → Cookies → “Sites that can always use cookies” → Add. Works for “Clear on exit” exemption; does not work with per-tab extensions.

Eight steps:

Open Chrome Settings (three-dot menu → Settings)
Navigate to Privacy and security → Cookies and other site data
Scroll to “Customized behaviors”
Click “Add” under “Sites that can always use cookies”
Enter the domain with [*.] prefix for subdomain inheritance (e.g., [*.]example.com)
Save
Repeat for email, bank, code host, work tools, password manager
Test: enable “Clear on exit,” close Chrome, reopen — whitelisted sites should remain logged in

Limitation: this whitelist only affects Chrome’s own “Clear on exit” and third-party cookie blocking. It does not exempt domains from per-tab auto-delete extensions like Guardian.

Method 2: CookieVault Guardian whitelist

In short: Install Guardian → visit site → click toolbar icon → “Add to whitelist.” Subdomain inheritance is on by default. Wildcard patterns for advanced rules. Greylist for session-only keep.

Six steps:

Install CookieVault Guardian from the Chrome Web Store
Visit a site you trust (Gmail, GitHub, your bank)
Click the Guardian toolbar icon → “Add to whitelist”
The domain and its subdomains are automatically exempted from tab-close cleanup
For advanced rules, open Settings → Whitelist and add wildcard entries (e.g., *.googleapis.com)
Use the greylist button for sites you want to keep this session but clean next time

Recommended starter whitelist

A five-entry baseline that covers most users:

Primary email (Gmail / Outlook / Proton)
Code host (GitHub / GitLab)
Work tools (Linear, Notion, Slack, Figma — whichever you use)
Bank
Password manager web UI (1Password / Bitwarden)

Everything else: clean on tab close (Guardian) or clean on browser exit (Chrome built-in).

How to whitelist cookies in Chrome

Two approaches compared

Method 1: Chrome built-in whitelist

Method 2: CookieVault Guardian whitelist

Recommended starter whitelist

See also