What is 'Fireproofing' in DuckDuckGo and how does it affect cookies and site logins?
Executive summary
Fireproofing in the DuckDuckGo mobile browser is a user-controlled exception that keeps a site's first‑party cookies and local storage from being erased when the browser's one‑tap "Fire Button" clears browsing data, allowing users to remain logged into sites that would otherwise be signed out [1] [2]. The feature is intentionally narrow — it exempts only certain site data from the Fire Button purge while DuckDuckGo continues to block third‑party trackers — and reporting about it ranges from accurate how‑to guides to speculative claims that overstate unrelated security guarantees [1] [3] [4].
1. What Fireproofing actually does: preserves first‑party cookies and storage
Fireproofing marks a specific site as partially immune to the Fire Button so that "1st‑party cookies and storage" for that site are not removed when the Fire Button is used, which is why a fireproofed site can keep a user signed in across Fire Button purges [1] [2]. DuckDuckGo’s help pages explicitly list that Fireproof Sites retain 1st‑party cookies and storage that the Fire Button would otherwise clear, while noting that some other items (bookmarks, downloaded files, DuckDuckGo settings) are never cleared by the Fire Button anyway [1].
2. What Fireproofing does not do: it’s not a universal whitelist or a tracker blocker bypass
Fireproofing is not an across‑the‑board disabling of DuckDuckGo’s privacy protections; the browser still blocks third‑party trackers and applies its tracking protections even when an individual site is fireproofed, because the feature is described as selectively preserving the site’s own first‑party data rather than turning off tracker blocking [1] [5]. Claims that Fireproofing provides new encryption, document safes, or expanded secure‑search functionality are unsupported by DuckDuckGo’s documentation and reflect confusion or incorrect extrapolation in some secondary reporting [4].
3. How users enable and manage Fireproof Sites in practice
Users can add a site to the Fireproof list from the DuckDuckGo app while visiting that site — for example via the site menu — and the browser will typically offer to fireproof after a sign‑in; settings also allow managing the Fireproof Sites list and toggling automatic tab/data clearing on restart [6] [2] [1]. Reviews and how‑to guides consistently describe the flow: sign into a site, accept the prompt or use the menu option to "Fireproof This Site," and later remove it from settings if desired [2] [6] [7].
4. Practical effects on logins, convenience, and privacy tradeoffs
The functional payoff is convenience: a fireproofed login survives a Fire Button purge so users who want a single‑tap privacy reset without repeatedly typing passwords can have both behaviors — global clearing for everything else and persistent logins for chosen sites [1] [2]. That convenience is also the tradeoff: preserving first‑party cookies necessarily keeps some site‑specific state that could be used for profiling or session tracking by that site, so users must choose which sites to exempt based on their threat model (p1_s2; reporting notes feature purpose but leaves individual risk assessments to users) [2].
5. How reporting diverges and what to watch for
Consumer guides and reviews uniformly describe Fireproofing as an exclusion from the Fire Button purge [2] [5], but some web pages amplify or misattribute features (for instance suggesting unrelated encryption or "document safe" capabilities) that DuckDuckGo’s documentation does not claim; those are signs to prefer primary sources like DuckDuckGo’s help pages when assessing functionality [1] [4]. In short, Fireproofing keeps site cookies and storage across Fire Button wipes to preserve logins, it’s configurable from the app, and it does not disable DuckDuckGo’s wider tracking protections — but users must weigh the convenience against leaving some site state intact [1] [2] [5].