Microsoft "Privacy, Add-ons, and Cookie-less HTTP Requests"

The IE team clarifies a "recent article" "that incorrectly suggested that Internet Explorer add-ons must send & store cookies when making HTTP requests. That's simply not true-- IE APIs enable add-ons to respect user's privacy and not leak information. Existing APIs are available to add-ons running in any version of IE to accomplish task described […]

The IE team clarifies a "recent article" "that incorrectly suggested that Internet Explorer add-ons must send & store cookies when making HTTP requests. That's simply not true-- IE APIs enable add-ons to respect user's privacy and not leak information. Existing APIs are available to add-ons running in any version of IE to accomplish task described in the article. An add-on using WinINET to issue HTTP requests can suppress default cookie behavior by passing flag INTERNET_FLAG_NO_COOKIES, which'll suppress automatic sending and storage of cookies. If add-on wants to use a higher-level construct and server supports Access-Control, IE8 offers XDomainRequest object which suppresses cookies and authentication automatically. If add-on is hosting a Web Browser Control, it can implement an IInternetSecurityManager and/or WinINET Privacy functions for fine-grained control over cookie behavior. Alternatively, add-on could choose to make its HTTP requests using WinHTTP (which doesn't support automatic handling of cookies at all)," writes Eric Lawrence.

[Source]