A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

“Security: high” header

OpenLocationServices
2018-08-27

Meltdown and Spectre cannot be properly fixed. The proper fix requires a different design of processors that does not rely on speculative code execution as a starter for performance gains. Running processes on different physical cores does help to properly mitigate Spectre. But there are only so many cores a CPU has.

New headers for labeling the sensitivity/security requirement of page should be made. Some sites/apps like banking, shopping need very high security.

Websites should have new headers to indicate the user’s agent to take appropriate steps.

Androbin
2018-09-02

That would imply that sites without this header would not receive that security.

Modern browsers now do Site Isolation for all sites by default.

marcosc
2018-09-04

Agree. This needs to be done at the browser level, for every website.