In one extension (Switch to Previous Active Tab), I’m displaying a popup with site icons for recently accessed tabs (tab.favIconUrl).
I was surprised to see in the Browser Console that requests are being sent to sites for these icons, rather than what I expected, which was that they could be pulled from the cache (considering that they are already displayed on tabs). I noticed that cookies were sent with some of the requests, so it appears that even though this is a privileged page, there is some interaction with stored site data.
Q: What is the context for these requests? Is it distinct from user session data?
I’d like to respect privacy, but it’s also nice to be able to show site icons. As a precaution for the time being, I decided not to show icons for private window tabs because I don’t want to cross over private session hosts and regular session hosts.
However, I subsequently found other tab listing extensions that don’t bother with this distinction (e.g., Fast Tab Switcher and Saka).
Hence my question: are inline image requests from extension pages isolated in a special context separate from regular session data?