Malicious sites can automatically and silently determine if you are logged into some particular site of attacker's interest. Malicious sites can send cross sites request and use HTTP status code in the response to identify whether user is logged into the victim site or not.
For example, HTML SCRIPT tag fires "onload" event if HTTP response from a victim server contains a 200 HTTP status code. And fires "onerror" event if the HTTP response from victim server contains one of 403, 404, 406 or 500 HTTP status code.
This attack was discovered by Mike Cardwell.https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
Above link provides good explanation of HTTP status code abuse with the help of examples.
The sole aim of this extension is to prevent an HTTP status code abuse to protect a user privacy. This extension works in background and does its job. It doesn't need any user interaction.