- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Mon, 8 Jun 2015 21:42:53 -0700
- To: "Nottingham, Mark" <mnotting@akamai.com>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Anne van Kesteren <annevk@annevk.nl>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>
On 8 June 2015 at 21:30, Nottingham, Mark <mnotting@akamai.com> wrote: > A header denoting site-wide metadata would work for this too, of course, if folks were comfortable with the security properties of doing that (as well as the potential response overhead). The security properties bother me a little. Alt-Svc is showing us that we can't just define a header field like that without some serious analysis.
Received on Tuesday, 9 June 2015 04:43:22 UTC