If you have a moment would you mind explaining what the error actually does if it doesn't stop the cookie from getting stored on a browser?
A Munchkin-logged activity requires at minimum 3 network requests:
- The Munchkin bootstrapper JS - a tiny script that manages Munchkin versions and sets up an event stack.
- The Munchkin core JS - the bulkier library that sets up the actual event listeners on the page, and sends requests for the tracking pixel.
- The tracking GIF - by default, the pixel is loaded w/Visit Web Page parameters as soon as script #2 above is loaded.
#1 and #2 load from munchkin.marketo.net, #3 from a subdomain of mktoresp.com.
The tracking cookie is created on the client side by #2 (it has to be, as it must exist before the activity is logged).
The pixel is loaded via XHR (Ajax) in late-model browsers. Those browsers check after the pixel request has been sent and received -- known as a non-preflighted request -- to see if the remote origin (mktoresp.com in this case) has indicated that the response (the GIF) is permitted to be read by the requester. It uses the Access-Control-Allow-Origin header from the response to determine this permission. Your extension is tampering with the A-C-A-O header.
.png)