* Check where the following:
* HSTS
** DoS ** Child can alter entries in HSTS cache. The child must in order to process headers. See above. The child probably doesn’t have to do this, but likely can.** Key Pinning ** Pin a malicious certificate to bypass protection ** As above
* <keygen> happens in the child, going away hopefully?
* Client certificate UI?
