NEL is supported by most Chromium browsers. I suspect that a malicious backend C embedding a subresource in site A and B could join a user as having been on A and B without A and B ever knowing (since NEL is not reported to top-level for subresource load failures).
NEL is supported by most Chromium browsers. I suspect that a malicious backend C embedding a subresource in site A and B could join a user as having been on A and B without A and B ever knowing (since NEL is not reported to top-level for subresource load failures).