I know one thing I would like is Cloudflare doing something magical with Sub Resource Integrity.
Maybe if the source HTML specifies a SRI string, check that the hash in the HTML matches the hash of the resource before allowing it in your cache for that website. If it doesn't match, don't cache that resource and don't serve it.
This would allow sites to enable and enforce SRI without browser support.
I know one thing I would like is Cloudflare doing something magical with Sub Resource Integrity.
Maybe if the source HTML specifies a SRI string, check that the hash in the HTML matches the hash of the resource before allowing it in your cache for that website. If it doesn't match, don't cache that resource and don't serve it.
This would allow sites to enable and enforce SRI without browser support.