Not sure which comment you wanted to leave a reply. If you refer to cookies, in the case of Lax and Strict they won't be sent to the attacker's website if we, for example, inject an image with the attackers URL as the source. That's because it's not considered a first level navigation event.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.