@blacklight447 Wouldn't there still be possible websocket / useragent / xmlhttpreq / css attacks possible?