[th3l3mons]

The other side I would pose is: do you want anyone to alter your responses? I'm currently trying to find the RFC, but I recall an ISP defining an RFC for tampering with HTTP responses in-transit. In addition, I also recall seeing Comcast (I believe) injecting JS to users that they are approaching their plan limits.

Obviously, not the end of the world. But do you want any third party to easily alter the response from your server to the client(s)?

[Aaron1011]

I believe you're think RFC 6018: https://tools.ietf.org/html/rfc6108

Related HN discussion: https://news.ycombinator.com/item?id=15890551

[squeaky-clean]

> In addition, I also recall seeing Comcast (I believe) injecting JS to users that they are approaching their plan limits

This has happened to me. Re-installed Windows on my gaming computer and re-downloaded all my games. By the time I hit 900GB usage, any HTTP page would display a popup with "You have 100GB of data left".

I thought it was malware on the website trying to phish me the first time I saw it.

[lostapathy]

Exactly this. If you can't imagine the harm in that - pretend they are injecting NAMBLA ads or Goatse-type images into your blog.

[saryant]

I've also seen airlines do this with their in-flight wifi. Looking at you, Icelandair.