We should block requests from HTTP/HTTPS documents that target "legacy" schemes (e.g. "ftp://my-awesome-ftp-server.com/yay.tiff"). That is, the `ftp://` image referenced in https://jsbin.com/petonig/edit?html,output would not load, as the document itself is not served from `ftp://`.