Verify that 301 redirects are not cached cross-domain
Chiiph pointed me at: http://www.scatmania.org/2012/04/24/visitor-tracking-without-cookies/
That url describes a technique to perform third party tracking using 301 redirect caching. Based on my read of nsHttpChannel, it looks like the redirect cache information comes directly from mCacheEntry, which is retrieved using the same cacheDomain isolation we use to isolate the cache for JS, HTML, and CSS to first party domain.
However, there could be some other reference table that is used that I'm not seeing. It wouldn't be the first time something crazy like that has happened.
Unfortunately, their test is offline, and it also only tests a single first party domain.. We should test this cross-domain and make sure it is in fact isolated.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information