A lot of web-content these days passes thru untrusted intermediaries, especially plain text traffic which is often intercepted by ISP proxies for caching (and other purposes ;) ). A compromise at these places can subject your users to malicious payload, mostly in the form of javascript. The obvious solution to these issues is to use TLS i.e. https:// sites, which is more accessible these days thanks to Lets Encrypt. But even this does not give complete end-to-end coverage because many sites u...
