[kpdemetriou]

Regarding #3, you'll need to load the immutable URL, perhaps indirectly, from someplace that ultimately has a user-facing URL. If an attacker can modify content in transit, then they can modify the content under the user-facing URL to bypass this scheme.

[SheinhardtWigCo]

The idea is that the immutable URL serves the entire app. Then if your threat model calls for it, you can bookmark the URL to "pin" that version of the app, or send the URL to someone else and be sure that they're getting served with the same code as you. Sort of like an onion URL.