Do browsers explicitly and generally forbid any http requests done by origin containing the “Cookie” header ?
I thought it was possible to manipulate the Cookie header in a request coming from fetch or any other 3rd party library in the client side.
Thanks