This repository was archived by the owner on Sep 19, 2020. It is now read-only.

Cookies can be leaked when JavaScript is enabled #7

@ghost

Description

In your wiki you describe that uMatrix prevents cookies from LEAVING the browser. This is not correct in all situations. If JavaScript is enabled for a website, "special" scripts can read the related domain cookies and send the content to the server. If the cookie data are transmitted in custom data structures in the HTTP body or maybe custom HTTP headers, uMatrix can't do anything about it.

From my perspective there are 2 possible options:

  1. This behavior is intended and the wiki text should be updated to cover this fact. In this case it would also be interesting why this is intended, because it looks like a potential weak point.
  2. uMatrix should be changed to prevent cookies from ENTERING the browser. That means the cookie should not be persisted.

What do you think?
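The difference between the two options in the report above, as an added example that is not part of the original issue and is not uMatrix code: a small constructed model of a cookie store, where stripping the `Cookie` header ("leaving") still leaves script-readable values in the request body, while not persisting the cookie ("entering") leaves nothing to read. The class, function names and sample cookies are assumptions made for illustration; the `HttpOnly` handling goes beyond what the report mentions.

```javascript
// Constructed model of a browser cookie store and request filter; not uMatrix code.
class CookieJar {
  constructor({ blockEntering = false } = {}) {
    this.blockEntering = blockEntering;
    this.store = new Map();
  }
  // Apply one Set-Cookie response header value.
  receive(setCookie) {
    if (this.blockEntering) return; // option 2: the cookie is never persisted
    const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return; // ignore malformed input
    const httpOnly = attrs.some((a) => a.toLowerCase() === 'httponly');
    this.store.set(pair.slice(0, eq), { value: pair.slice(eq + 1), httpOnly });
  }
  // What page script sees through document.cookie (HttpOnly cookies are hidden).
  scriptView() {
    return [...this.store].filter(([, c]) => !c.httpOnly)
      .map(([name, c]) => `${name}=${c.value}`).join('; ');
  }
}

// Request a script-enabled page could send. With blockLeaving the Cookie header
// is stripped, but the body is written by script and is not touched.
function buildRequest(jar, { blockLeaving }) {
  const headers = { 'Content-Type': 'application/json' };
  const all = [...jar.store].map(([n, c]) => `${n}=${c.value}`).join('; ');
  if (!blockLeaving && all) headers.Cookie = all;
  return { headers, body: JSON.stringify({ state: jar.scriptView() }) };
}

// Names of stored cookies whose value still appears outside the Cookie header.
function exposedCookies(jar, request) {
  const { Cookie, ...otherHeaders } = request.headers;
  const haystack = [request.body, ...Object.values(otherHeaders)].join('\n');
  return [...jar.store].filter(([, c]) => c.value && haystack.includes(c.value))
    .map(([name]) => name);
}

// Constructed sample Set-Cookie values (not from a real site).
const SAMPLE = ['uid=abc123; Path=/', 'sid=s3cr3t; Path=/; HttpOnly'];
function scenario({ blockLeaving, blockEntering }) {
  const jar = new CookieJar({ blockEntering });
  SAMPLE.forEach((h) => jar.receive(h));
  const request = buildRequest(jar, { blockLeaving });
  return { request, exposed: exposedCookies(jar, request) };
}
```

`exposedCookies` matches plain values only, so it works as an audit aid for this model and will miss values that a script encodes before sending.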

Labels: fixed (issue has been addressed), wiki (related to wiki)