A Site is a set of origins that share a registrable domain. https://example.com https://mikewest.github.io https://www.example.com https://sub.example.com https://sub.sub.example.com https://w3c.github.io
XSSI Status-Quo Mitigations Serve static JavaScript. Make dynamic secrets difficult to execute, by: 1. Prefixing responses with )]}'\n. 2. Serving non-script responses (like HTML documents) with a non-script MIME type and X-Content-Type-Options: nosniff.
Site Isolation (More details in the aforementioned talk tomorrow morning at 10:40, and in Parisa's closing keynote at 10:50 Wednesday) https://goo.gl/1p44Yt