In reply to a tweet by really_bz:

@bz_moz see also github.com/w3ctag/securit…