By default the option "accept cookies only from sites you navigate to" is selected. However, there seems to be an issue with handling sites that are not .com. Problem happens when an iframe from subdomain tries to set a cookie.
http://www.somesite.com/page.html has an iframe with an address http://engine.somesite.com/iframe.html and tries to set a cookie for domain engine.somesite.com
This will work correctly. But if instead of ".com" the site is in ".ca" or ".nl" or anything else, the cookie from http://engine.somesite.ca/iframe.html will be rejected.
This issue is present in Safari on PC and Mac platforms.
This is not an issue in open source WebKit, so it needs to be filed to <htto://bugreport.apple.com> for Apple engineers working on the closed source system libraries responsible for this to take a look. Closing as INVALID per our process.