Previously, Firefox was improperly allowing whitespace characters to be stored in cookie names in violation of RFC 6265. This behaviour was considered as a moderate security issue, because such an implementation error could lead to incorrect cookie handling by Web servers.
encodeURIComponent method before being stored with the
Update: Due to some broken applications, this change has been reverted with Firefox 44.0.1. While spaces are allowed again for interoperability, control characters will remain prohibited to prevent potential security issues.