When cookies are blocked for a site, if you right click and view page source, the site is not blocked from reading your cookies during the request that's made.

Browser: Firefox 58.01 64-bit, also tested on Waterfox 56.0.4.1 64-bit
uMatrix Version: 1.3.2

Steps to reproduce:

1. Have a cookie in your browser that keeps you logged into github
2. Block cookies for github
3. Go to github.com
4. The page should not have any indication of being logged in or what your username is, as expected.
5. Right click and view source
6. Do a ctrl+f search for your github username in the source code
7. Observe that this source code is the source code for a logged-in page, and contains your username
   Optional: Delete the cookies for github. Go to github.com and view page source. Do a ctrl+f for your username, observe that it is not found.
   Optional: In the view-source page, open the network tab in the inspector and reload in order to gather the request activity. Observe in the request header that cookies are sent.

Doesn't happen on Chromium 66.

Browser issue: the view-source:-linked request does not go through uMatrix's webRequest listener. Report to browser devs: https://bugzilla.mozilla.org/.

Alright, I opened a bug report at https://bugzilla.mozilla.org/show_bug.cgi?id=1439163
I tried my best as I'm not familiar with extension internals