Алгоритмы серверов, вероятно, сейчас отрабатывают в случае кукоспама медленно
эти запросы не будут обрабатываться сервером из за слишком большого размера
устанавливаются не только владельцем сайта
This restriction on cookie setting at the TLD level has been around since the early days of the web. It exists due to security reasons, both to prevent accidentally retransmitting cookies to 3rd parties, and to help provide some partial protection against cookie stuffing and more general types of session fixation attacks.
This becomes more complicated when we consider many countries use second-level domains (e.g., .co.uk, .ne.jp) as pseudo TLDs, and have few or no restrictions on who may register subdomains.
To address that issue, for many years browser vendors used internally-maintained lists of public domains, regardless of what level they fall in the DNS hierarchy. Inevitably this led to inconsistent behavior across browsers at a very fundamental level.
The Mozilla Foundation eventually began a project known as the Public Suffix List, publicsuffix.org/ to record all of these public domains and share them across browser vendors. Beyond Mozilla Firefox, Google and Opera have both incorporated this list into their browsers.