Figure 4

The sequence diagram for reading of XDC cookies. Prior to sending the user’s request, the browser looks up missing authorizations (if any) in the DNS. Then the request is sent along with XDC cookies. The server may provide additional authorizations in order to receive XDC cookies it expected but did not receive (step 4). Having received an XDC response in step 5, the server responds with data. Steps 4 and 5 should not be needed for user requests requiring preflight authorizations.