RequestPolicy is a Firefox extension that gives you control over cross-site requests. --- Be sure to look at the dev-1.0 branch as that's where all of the interesting work is happening. See also: https://www.requestpolicy.com/1.0.html
I don't know if this is related to the previous extension conflict with HTTPS-Everywhere, in which RequestPolicy was blocking things when it shouldn't have been - this is rather the opposite problem.
The status bar shows several requests being made to gs1.wac.edgecastcdn.net. The Request Log does not show any of these, and RequestPolicy does not block them.
After investigating more closely, each of the edgecast requests (over HTTPS) correspond to a request over HTTP to another tumblr domain - which does appear in the request log - for instance
The requests to edgecastcdn.net turn out to result from HTTPS-Everywhere's "Tumblr (partial)" ruleset. These third-party requests - which seem only to be to download avatars - aren't really what I'd have considered essential, but due to the extension conflict RequestPolicy is completely unable to stop them.
This isn't likely to lead to a widely exploitable loophole for ad companies and trackers, since it's only domains in the HTTPS-Everywhere rulesets that slip through the net like this, but it still meant a bunch of requests were being made to a third-party domain that I didn't even have the option to block.
I don't know if this is related to the previous extension conflict with HTTPS-Everywhere, in which RequestPolicy was blocking things when it shouldn't have been - this is rather the opposite problem.
To reproduce: Open a Firefox window (you'll need RP and HTTPS-Everywhere installed.) Click on the red flag, and choose to "Show Request Log" Go to http://lookuplookup.tumblr.com/post/907861071/yeah-i-think-that-your-thoughts-on-riot-grrl-should-be
The status bar shows several requests being made to gs1.wac.edgecastcdn.net. The Request Log does not show any of these, and RequestPolicy does not block them.
After investigating more closely, each of the edgecast requests (over HTTPS) correspond to a request over HTTP to another tumblr domain - which does appear in the request log - for instance
https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/avatar_025b2a150fd2_24.png http://24.media.tumblr.com/avatar_025b2a150fd2_24.png
The requests to edgecastcdn.net turn out to result from HTTPS-Everywhere's "Tumblr (partial)" ruleset. These third-party requests - which seem only to be to download avatars - aren't really what I'd have considered essential, but due to the extension conflict RequestPolicy is completely unable to stop them.
This isn't likely to lead to a widely exploitable loophole for ad companies and trackers, since it's only domains in the HTTPS-Everywhere rulesets that slip through the net like this, but it still meant a bunch of requests were being made to a third-party domain that I didn't even have the option to block.