1. Under privacy settings choose:
-Allow from current website only OR Allow from websites I visit
2. Confirm third-party cookies are disabled by visiting: https://alanhogan.github.io/web-experiments/3rd/third-party-cookies.html
3. Create a page on domain1.com that embeds a <video src="http://domain2.com"> and notice that domain2.com Cookies are sent with the request.
This behavior differs from both Firefox and Chrome which deny the cookies being sent.
domain2.com Cookies should not be sent.
I've documented a real world scenario in this blogpost: https://tedpiotrowski.svbtle.com/broken-video-attachments-in-gmail
My apologies if this behavior is intentional to prevent user pain/confusion.