A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

“Security: high” header


Meltdown and Spectre cannot be properly fixed. The proper fix requires a different design of processors that does not rely on speculative code execution as a starter for performance gains. Running processes on different physical cores does help to properly mitigate Spectre. But there are only so many cores a CPU has.

New headers for labeling the sensitivity/security requirement of page should be made. Some sites/apps like banking, shopping need very high security.

Websites should have new headers to indicate the user’s agent to take appropriate steps.


That would imply that sites without this header would not receive that security.

Modern browsers now do Site Isolation for all sites by default.


Agree. This needs to be done at the browser level, for every website.