On Wed, Aug 12, 2015 at 8:26 AM, Julian Reschke <julian.reschke@gmx.de>
wrote:
> For CSP it's actually critical that we group the policy defined by a
>> single header together as a unit (as `default-src 'none'; script-src
>> 'self'` is _very_ different from `default-src 'none', script-src
>> 'self'`). For `Clear-Site-Data` it isn't (yet?) critical, but following
>> that pattern seems reasonable.
>>
>
> Supporting multiple header fields and commas is get. But why then have ";"
> as well?
>
Because it's not clear to me that we won't want the same behavior that CSP
has.
That is, if I get two headers:
```
Clear-Site-Data: *
Clear-Site-Data: includeSubdomains
```
the current spec will combine them. I'm not sure that's the correct
behavior, and I'd like to make it easy to change our minds before shipping
the feature.
-mike