This page requests a resource on another domain that typically sets a counter Cookie. But, since the request is made without setting the withCredentials flag to true, you can see that the resource is visited without sending the counter Cookie. This shows that XMLHttpRequest makes cross-site requests without Cookies by default, and that in order to make those requests with Cookies, you have to explicitly set the withCredentials flag.

This XHTML document GETs another resource using cross-site XHR, but does NOT set the withCredentials flag. If you get a response back, the content of that response should reflect no Cookies being sent, since the code on this page does NOT set withCredentials flag. Contrast this with a credentialed request.