
I just recently used network inspector for youtube requests while logged in as some user.

I notice that for requests like

https://www.youtube.com/my_videos?o=U

The request looks like this: [screenshot]

So how does youtube even tell what the current user is? The request header is pretty much empty. So it doesn't have any kind of session token or other stuff.

My guess is that it somehow reads my browser cookies.

So does that mean all my browser cookies related to this site are sent together with the HTTP request each time a request is made?

Zhen Liu

1 Answer


The "Provisional headers are shown" message appears in Request Headers because the headers displayed in DevTools are not the actual headers sent to the server. This may be caused by several reasons: AdBlock, the cache being used, the request still pending, etc. You can check "CAUTION: provisional headers are shown" in Chrome debugger for some previous discussion.

> So how does youtube even tell what the current user is? The request header is pretty much empty.

It's not empty; the headers are just not displayed in DevTools.

> So does that mean all my browser cookies related to this site are sent together with the HTTP request each time a request is made?

Not exactly. It depends on the cookie's domain and path. If the cookie's domain matches the HTTP request's host, and its path matches the HTTP request's URL path, the cookie will be sent to the server. Otherwise, it will be ignored in the HTTP request.

For example, there are 3 cookies:

  • Cookie A, whose domain is example.com, path is /.
  • Cookie B, whose domain is test.example.com, path is /.
  • Cookie C, whose domain is example.com, path is /list.

When a request is sent to http://example.com/news, only Cookie A is sent to the server; Cookies B and C will be ignored.

shaochuancs
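The domain and path matching described in the answer above, written out as an added example (not code from the answer or from any browser). It follows the domain-match and path-match rules of RFC 6265 sections 5.1.3 and 5.1.4, and goes beyond the three cookies in the answer by adding a constructed host-only, Secure cookie D. The cookie object shape and the `hostOnly` and `secure` field names are assumptions, and SameSite and public-suffix checks are not modeled.

```javascript
// RFC 6265 section 5.1.3: the request host equals the cookie domain or is a
// subdomain of it. IP-address hosts (exact match only) are not handled here.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// RFC 6265 section 5.1.4: the cookie path must be a prefix of the request
// path ending on a "/" boundary: "/list" matches "/list/1", not "/listing".
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns the names of the cookies a client would attach to a request.
function cookiesForRequest(url, jar) {
  const { hostname, pathname, protocol } = new URL(url);
  return jar
    // A cookie set without a Domain attribute is host-only: exact host match.
    .filter((c) => (c.hostOnly ? hostname === c.domain : domainMatch(hostname, c.domain)))
    .filter((c) => pathMatch(pathname, c.path))
    // Secure cookies are withheld from plain-HTTP requests.
    .filter((c) => !c.secure || protocol === "https:")
    .map((c) => c.name);
}

// Constructed jar: A, B and C are the answer's cookies, D is added here.
const jar = [
  { name: "A", domain: "example.com", path: "/" },
  { name: "B", domain: "test.example.com", path: "/" },
  { name: "C", domain: "example.com", path: "/list" },
  { name: "D", domain: "example.com", path: "/", hostOnly: true, secure: true },
];

for (const url of [
  "http://example.com/news",
  "https://test.example.com/list/1",
  "https://example.com/listing",
]) {
  console.log(url, "->", cookiesForRequest(url, jar).join(", "));
}
```
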