New comment by daxterspeed in "A new security header: Feature Policy"

I understand your sentiment but I do wonder what the extent would actually be. The largest website are more than capable of adapting, and older sites are more likely to either not use any JavaScript or only accept http traffic (which is already a lost cause). I suppose the ones would take the biggest hit would be the people running WordPress blogs with various (already insecure) site plugins.

Suppose if these security changes would slowly get imposed over all https traffic in a coordinated fashion among the major browser vendors over a large time span? https requires some periodic maintenance anyway, so it shouldn't add an unreasonable workload.

I worry that this isn't happening because the ad industry (including Google) doesn't want to take responsibility over distributing untrustworthy and insecure code.

from Hacker News: "WordPress" comments https://ift.tt/2Ov7Uju
via IFTTT