The `document.domain` setter allows developers to relax the same-origin policy, which complicates the fundamental security boundary we aim to maintain and puts roadblocks in the way of post-Spectre changes to Chromium's process model. We should deprecate it by making it opt-in via `Origin-keyed agent clusters` (https://chromestatus.com/features/5683766104162304). The setter will remain, but setting it will leave the origin unchanged. In that case the compatibility risk is low.
Samples: https://origin-agent-cluster-demo.dev/no-header.html https://origin-agent-cluster-demo.dev/explicit-false.html
Explainers: https://github.com/mikewest/deprecating-document-domain/
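
A probe for the behaviour described above, where the setter stays callable but no longer changes the origin. This is an added example, not code from the Chromium project or the linked explainer; `probeDocumentDomain`, `mockWindow` and the `.test` hosts are hypothetical, and the mock window is a constructed stand-in for the browser.

```javascript
// Added example; probeDocumentDomain and mockWindow are hypothetical names.
// Reports whether assigning document.domain actually changed the value the
// getter returns, i.e. whether same-origin relaxation is still in effect.
function probeDocumentDomain(win, parentDomain) {
  const before = win.document.domain;
  let threw = null;
  try {
    win.document.domain = parentDomain; // the setter itself stays callable
  } catch (e) {
    threw = e.name; // e.g. SecurityError for a value the page may not set
  }
  const after = win.document.domain;
  return {
    originKeyed: win.originAgentCluster, // undefined in browsers without it
    before,
    after,
    threw,
    relaxed: threw === null && before !== parentDomain && after === parentDomain,
  };
}

// Constructed stand-in for a browser window so the probe runs offline.
// originKeyed = true models the behaviour described above: the assignment
// is accepted but ignored, and the origin stays as it was.
function mockWindow(host, originKeyed) {
  let domain = host;
  const document = {};
  Object.defineProperty(document, "domain", {
    get: () => domain,
    set: (value) => {
      if (!originKeyed) domain = value;
    },
  });
  return { originAgentCluster: originKeyed, document };
}

// Constructed hosts under the reserved .test TLD.
const siteKeyed = probeDocumentDomain(mockWindow("app.example.test", false), "example.test");
const originKeyed = probeDocumentDomain(mockWindow("app.example.test", true), "example.test");
console.log(siteKeyed.relaxed, originKeyed.relaxed);
```

In a browser, pass the real `window` on a test page rather than a production one, since on a page where the setter still works the assignment takes effect.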