annevk
commented
5 years ago https://github.com/whatwg/html/issues/4930 needs something similar I think. In particular determining the secure context state of a response that is being navigated to combined with its future parent document (or null) or some such.
https://github.com/WICG/webpackage/pull/352 would like to figure out if a response is potentially trustworthy. It's straightforward to check if the response's URL or origin is potentially trustworthy, but this differs from the calculation for environment settings objects in that it allows responses with an HTTPS state of "deprecated" and doesn't pay any attention to the sandbox CSP directive.
This spec is a more reliable place to define this than the web packaging spec, since security folks won't think to update that if new information gets added to responses.