1. 17
  1.  

  2. 18

    I can’t take this seriously if something as basic as “Uses Javascript” (literally any Javascript) carries a bigger penalty than not using HTTPS.

    1. 9

      Come to think of it, a nice addition to the HTML-standards would be to allow adding an “optional” tag to <script> elements, indicating that a script is optional and can be ignored without breaking the site. Then users could choose in their settings if they want to allow optional Javascript or not.

      1. 3

        Don’t you think that would cause lots of sites setting their tracking scripts as non-optional?

        1. 4

          Of course, but that wouldn’t be any different from today (every <script> is non-optional today). I get your point though and there probably have to be other approaches to this issue.

          1. 1

            Taken from a performance perspective, however, this may actually be a good idea. Users could opt out of optional javascript if they’re internet service was slow.

        2. 1

          IMHO every <script> element should be optional. Of course that can’t work with everything (web apps need JS to even blink) but any forum/blog/wiki/whatever should be able to live without some fancy script hiding some reloads.

          1. 2

            I totally agree with you, but the web is a sucky place and the majority of web developers is not accustomed to the art of making websites which work with and without Javascript. In my opinion, this is a sad situation.

      2. 3

        What are the privacy implications of not using frame options header?

        1. 2

          It avoids clickjacking, also it has apparently been obsoleted, but I guess it’s nice to keep it around for older browsers.