[catern]

Hm, I wonder if this could be circumvented by doing timing attacks against the CDN cache? That's still shared between domains...

[jakelazaroff]

It is not:

https://developers.google.com/web/updates/2020/10/http-cache...

https://developer.mozilla.org/en-US/docs/Web/Privacy/State_P...

[catern]

That's the cache in the browser, not the cache in the CDN.

[jakelazaroff]

Oh, I see what you’re saying. How could that possibly be exploited for a side channel attack, though? All it would tell an attacker is that someone requested the file before.