The owner of the polyfill.io domain appears to have changed. The website for the project links to a GitHub repo owned by an individual, but there's no information about governance or any indication that the hosted service is still operated by that individual. The TAG should no longer link to this and should consider it a security risk.
The finding also links to CDNJS, which could be retained, and does seem to have more transparent governance, but overall it seems worth the TAG not endorsing any one site.
The owner of the polyfill.io domain appears to have changed. The website for the project links to a GitHub repo owned by an individual, but there's no information about governance or any indication that the hosted service is still operated by that individual. The TAG should no longer link to this and should consider it a security risk.
The finding also links to CDNJS, which could be retained, and does seem to have more transparent governance, but overall it seems worth the TAG not endorsing any one site.