For the past three years I have maintained a browser extension that I publish to both the Firefox and Chrome web stores. I recently received an automated email from the Chrome web store overlords who had decided I was violating the “Use of permissions” policy by requesting the cookies permission “without using it”. Here is a snippet from the manifest.json for my extension: { "permissions": [ "activeTab", "contextMenus", "notifications", "cookies", "https://<SPECIFIC_WEBSITE_RUN_BY_ME>/" ] } I request the cookies permission for https://<SPECIFIC_WEBSITE_RUN_BY_ME>/ so that I can transparently use the cookie set by that website when the user logs in to send authenticated HTTP requests from the extension.