I have no idea how feasible this idea is, but it would be useful if we could treat requests to domains owned by the 1st party, as 1st party requests (or possibly a new row in the matrix). So for example on YouTube, requests to any domains owned by Google Inc could be acted upon as one, perhaps to allow by default.
A good source for this would be the public key certificate for HTTPS requests. Another possibility might be IP WHOIS; I don't know how fast and reliable that would be.
Actually I already noticed an issue here: Google does not supply ownership information in its certificates, instead acting as its own verifier. So for example YouTube has no listed owner but is verified by Google Inc, whereas GitHub is listed as owned by GitHub Inc and verified by DigiCert Inc. Perhaps special cases can be coded in, where the verifier is taken as the owner in cases like Google.
dag
commented
7 years ago
I have no idea how feasible this idea is, but it would be useful if we could treat requests to domains owned by the 1st party, as 1st party requests (or possibly a new row in the matrix). So for example on YouTube, requests to any domains owned by Google Inc could be acted upon as one, perhaps to allow by default.
A good source for this would be the public key certificate for HTTPS requests. Another possibility might be IP WHOIS; I don't know how fast and reliable that would be.
Actually I already noticed an issue here: Google does not supply ownership information in its certificates, instead acting as its own verifier. So for example YouTube has no listed owner but is verified by Google Inc, whereas GitHub is listed as owned by GitHub Inc and verified by DigiCert Inc. Perhaps special cases can be coded in, where the verifier is taken as the owner in cases like Google.