"Security: high" header


#1

Meltdown and Spectre cannot be properly fixed. The proper fix requires a different design of processors that does not rely on speculative code execution as a starter for performance gains. Running processes on different physical cores does help to properly mitigate Spectre. But there are only so many cores a CPU has.

New headers for labeling the sensitivity/security requirement of page should be made. Some sites/apps like banking, shopping need very high security.

Websites should have new headers to indicate the user’s agent to take appropriate steps.


#2

That would imply that sites without this header would not receive that security.

Modern browsers now do Site Isolation for all sites by default.


#3

Agree. This needs to be done at the browser level, for every website.