Bug 1483888 [wpt PR 12526] - Sec-Metadata: Remove the 'target' attribute., a=testonly
authorMike West <mkwst@chromium.org>
Fri, 17 Aug 2018 22:04:59 +0000
changeset 487496 a45422b17dbfe63aa5a31b19b468ca6449de0ced
parent 487495 e5d30de2a4c1b8f22e191e2938cc713f90144626
child 487497 ff38da9052f5ae4145ae541ba22875b737a009bc
push id9719
push userffxbld-merge
push dateFri, 24 Aug 2018 17:49:46 +0000
treeherdermozilla-beta@719ec98fba77 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1483888, 12526, 861678, 843478, 1172137, 583605
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1483888 [wpt PR 12526] - Sec-Metadata: Remove the 'target' attribute., a=testonly Automatic update from web-platform-testsSec-Metadata: Remove the 'target' attribute. This patch removes the 'target' attribute by replacing it with a new 'destination' value that distinguishes between top-level and nested navigations. Spec: https://github.com/mikewest/sec-metadata/commit/de7530709176c56956a5f696b52244f25f86e4fd Bug: 861678, 843478 Change-Id: I2bf5df1b93fb2c7c341cbe6da30d99bb19d40626 Reviewed-on: https://chromium-review.googlesource.com/1172137 Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Philip J├Ągenstedt <foolip@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#583605} -- wpt-commits: 7dbb4b66740563687a254b8e4cd8f36ac836d48f wpt-pr: 12526
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/fetch/sec-metadata/embed.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/fetch.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/font.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/iframe.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/img.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/object.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/report.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-json.py
testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-script.py
testing/web-platform/tests/fetch/sec-metadata/script.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/serviceworker.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/sharedworker.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/style.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/track.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/window-open.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/worker.tentative.https.sub.html
testing/web-platform/tests/fetch/sec-metadata/xslt.tentative.https.sub.html
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -586322,93 +586322,93 @@
    "faaee86734e93bb514095e34671a57e00bcbcd98",
    "testharness"
   ],
   "fetch/sec-metadata/README.md": [
    "c460aa1ecb941118b6999209ba4601eb145a61b9",
    "support"
   ],
   "fetch/sec-metadata/embed.tentative.https.sub.html": [
-   "70accac9ef90fce705a177c22a4a1027bdb21ad5",
+   "745ef42d484f5258f46ffc6ee9447fe5d8d3c142",
    "testharness"
   ],
   "fetch/sec-metadata/fetch.tentative.https.sub.html": [
-   "7a2c223d07112b38dd8053b07f44e7c4ac720161",
+   "12072476bebb693233a4cbffcb71019b1d1d5a91",
    "testharness"
   ],
   "fetch/sec-metadata/font.tentative.https.sub.html": [
-   "679ff81c0edcf24a454d0117f1eef4800e9f994e",
+   "65432b5bacf3bddf8d5cbaad74bdbaf5e63fb44e",
    "testharness"
   ],
   "fetch/sec-metadata/iframe.tentative.https.sub.html": [
-   "5b56c62ad71316c6c820d2cdfe2023c91c5a9da7",
+   "8d89cda8936cc33a22e0899a2c8b3560b7ef20bd",
    "testharness"
   ],
   "fetch/sec-metadata/img.tentative.https.sub.html": [
-   "7c5cbc34bfd5af975b534e75f3fa2383d6b594aa",
+   "20701a6514653f86e33b3cdf700ecd0628097d6c",
    "testharness"
   ],
   "fetch/sec-metadata/object.tentative.https.sub.html": [
-   "7bd2504610bffe25b19ac9d797623bff1ab6f73c",
+   "e1ac53157e023a9c6bc4806feda2e782ef4eefa5",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html": [
-   "37b75f2fd9174f3c9cbeb10600b043010d3b6260",
+   "e25fd3f61d5487de6026a0204f107201f491afad",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html": [
-   "2af262e78a5961717d38dd36bde7b402c8660255",
+   "ac5982d8956c96cd638c2464ec9f8cce3f7e3a34",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html": [
-   "7705449609a5e7e8595ccae6714ea3c9916ba232",
+   "5b3b965f5e96d75f93796e55e77cfac94de18a52",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html": [
-   "5a76bc97680a08ab86b7bc70ac2eac439dd173d9",
+   "ea6b167673f5e64396db4690abde56253e8af914",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html": [
-   "3735c5fc96bb5008ddf038a5a3d9de07f8cbb53f",
+   "430990a57c48b858fdc509653c0b689abcedcc6d",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html": [
-   "1e247523f4082604ddc9fbcf8275014b7b616557",
+   "591cf67d18111592a5e696e346371a88770bdb32",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html": [
-   "986e3f3975698c8d8f718fa50e2bc7a483d0f03e",
+   "8592d02c269b6afc4193f4323238b68d8fc26979",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html": [
-   "dbe3fea93e93301d75c340d182fbd1a5b217a9ad",
+   "191dbaa7f77a3ac569b37e95e2db9f2ac4985a3e",
    "testharness"
   ],
   "fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html": [
-   "c6437f05682c45331169b9f41a03c09bdeb5dc8e",
+   "11d60473981cf056ebc56b15905f27c070dad9c8",
    "testharness"
   ],
   "fetch/sec-metadata/report.tentative.https.sub.html": [
-   "d82dab9820112a610be07a3a11004fa8293b9376",
+   "279836457ebe72354ec68525bd92bc533b11b0dd",
    "testharness"
   ],
   "fetch/sec-metadata/report.tentative.https.sub.html.sub.headers": [
    "5c8bc58ad472ed9de841491df4e3e9e26e2e1c70",
    "support"
   ],
   "fetch/sec-metadata/resources/dedicatedWorker.js": [
    "18626d3d8458b967829b724fabebc10e939b62a9",
    "support"
   ],
   "fetch/sec-metadata/resources/echo-as-json.py": [
-   "a45bb68654618fa95f0fa3266be6412612750b57",
+   "16cc67774f76347e5c71220f590a82a37302cff0",
    "support"
   ],
   "fetch/sec-metadata/resources/echo-as-script.py": [
-   "c503822d5c605de0141e7e5316182519b6adc740",
+   "c1c6a4673acfbda17e2a7045a304a30082288d1d",
    "support"
   ],
   "fetch/sec-metadata/resources/helper.js": [
    "cbd96d06863427f34d75d0621839bcfe76c7ad96",
    "support"
   ],
   "fetch/sec-metadata/resources/post-to-owner.py": [
    "fe08cd1cbcaa4585fb3be0ce0ee33e7d75759129",
@@ -586422,45 +586422,45 @@
    "5eb89cb4f68a098154cf3605f53318af2f5e56f1",
    "support"
   ],
   "fetch/sec-metadata/resources/xslt-test.sub.xml": [
    "4beb9af8d282f2672ab08c4c369d1fe0b061e80f",
    "support"
   ],
   "fetch/sec-metadata/script.tentative.https.sub.html": [
-   "6f86e87c5388bc8962feec80a67f9ab4413b4ff8",
+   "643e11827f565ad11416589ae601d18cd8008239",
    "testharness"
   ],
   "fetch/sec-metadata/serviceworker.tentative.https.sub.html": [
-   "25e8f67a778cf3a9685fc683161d9c3e2d30e55a",
+   "9d1fe2a3449da49b3b4e167f74e63e815ef5cf6c",
    "testharness"
   ],
   "fetch/sec-metadata/sharedworker.tentative.https.sub.html": [
-   "98cb60105b17cb6f19048837979d5bdadc61224a",
+   "aa118e04239691f5488c4d62f3f1cf0ae59e8f1d",
    "testharness"
   ],
   "fetch/sec-metadata/style.tentative.https.sub.html": [
-   "e832b917bc93f9cbace29afe886d836a7f5ba89f",
+   "78fac567b43f3c48c81897b44237d820a6209d8a",
    "testharness"
   ],
   "fetch/sec-metadata/track.tentative.https.sub.html": [
-   "299b53b774848b0d8e2b0a249ba95b6fa99bd2e1",
+   "e89d4745ff2db234e3e49ee28dd8af15acbc9731",
    "testharness"
   ],
   "fetch/sec-metadata/window-open.tentative.https.sub.html": [
-   "1f9df663f1da911a6683ed54649efba0e8df7c85",
+   "3cd6190f944816258b29546ef89ec5947faa035d",
    "testharness"
   ],
   "fetch/sec-metadata/worker.tentative.https.sub.html": [
-   "ac809c6e9631c09e3216bcbd3ab07072c882b874",
+   "eff66fcc7811d9aacced799d6707f8f9edcafa9b",
    "testharness"
   ],
   "fetch/sec-metadata/xslt.tentative.https.sub.html": [
-   "2fe8c917faab0d2d6ea449802862d017f38158b2",
+   "dff996679ff900cf3e3fe82381ef29ea5f5889b5",
    "testharness"
   ],
   "fetch/security/dangling-markup-mitigation-data-url.tentative.sub.html": [
    "f27735daa1dd650726525d72a48b91d58d62535b",
    "testharness"
   ],
   "fetch/security/dangling-markup-mitigation.tentative.html": [
    "61a931608ba5f3dc7f53f3f7a14ef5111737b07d",
--- a/testing/web-platform/tests/fetch/sec-metadata/embed.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/embed.tentative.https.sub.html
@@ -8,17 +8,17 @@
 <script>
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "embed-same-origin";
 
       let e = document.createElement('embed');
       e.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"embed", "target":"subresource", "site":"same-origin"};
+        let expected = {"destination":"embed", "site":"same-origin"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
 
       document.body.appendChild(e);
@@ -27,17 +27,17 @@
 
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "embed-same-site";
 
       let e = document.createElement('embed');
       e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"embed", "target":"subresource", "site":"same-site"};
+        let expected = {"destination":"embed", "site":"same-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
 
       document.body.appendChild(e);
@@ -46,17 +46,17 @@
 
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "embed-cross-site";
 
       let e = document.createElement('embed');
       e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"embed", "target":"subresource", "site":"cross-site"};
+        let expected = {"destination":"embed", "site":"cross-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
 
       document.body.appendChild(e);
--- a/testing/web-platform/tests/fetch/sec-metadata/fetch.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/fetch.tentative.https.sub.html
@@ -5,40 +5,37 @@
 <script>
   promise_test(t => {
     return fetch("https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
         .then(r => r.json())
         .then(j => {
           assert_header_equals(j.header, {
             "cause": undefined,
             "destination": "",
-            "target": "subresource",
             "site": "same-origin"
           });
         });
   }, "Same-origin fetch");
 
   promise_test(t => {
     return fetch("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
         .then(r => r.json())
         .then(j => {
           assert_header_equals(j.header, {
             "cause": undefined,
             "destination": "",
-            "target": "subresource",
             "site": "same-site"
           });
         });
   }, "Same-site fetch");
 
   promise_test(t => {
     return fetch("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-json.py")
         .then(r => r.json())
         .then(j => {
           assert_header_equals(j.header, {
             "cause": undefined,
             "destination": "",
-            "target": "subresource",
             "site": "cross-site"
           });
         });
   }, "Cross-site fetch");
 </script>
--- a/testing/web-platform/tests/fetch/sec-metadata/font.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/font.tentative.https.sub.html
@@ -47,17 +47,17 @@
     test_same_site();
     test_cross_site();
   });
 
   function test_same_origin(){
     var same_origin_test = async_test("Same-Origin font");
     same_origin_test.step(function () {
         key = "font-same-origin";
-        expected_same_origin = {"destination":"font", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"font", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("PUT", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
@@ -65,17 +65,17 @@
         same_origin_xhr.send();
     });
   }
 
   function test_same_site(){
     var same_site_test = async_test("Same-Site font");
     same_site_test.step(function () {
         key = "font-same-site";
-        expected_same_site = {"destination":"font", "target":"subresource", "site":"same-site"};
+        expected_same_site = {"destination":"font", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
         same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
           verify_response(same_site_xhr, same_site_test, expected_same_site)
@@ -83,17 +83,17 @@
         same_site_xhr.send();
     });
   }
 
   function test_cross_site(){
     var cross_site_test = async_test("Cross-Site font");
     cross_site_test.step(function () {
         key = "font-cross-site";
-        expected_cross_site = {"destination":"font", "target":"subresource", "site":"cross-site"};
+        expected_cross_site = {"destination":"font", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();
         cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
           verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/iframe.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/iframe.tentative.https.sub.html
@@ -8,18 +8,17 @@
     let i = document.createElement('iframe');
     i.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/post-to-owner.py";
     window.addEventListener('message', t.step_func(e => {
       if (e.source != i.contentWindow)
         return;
 
       assert_header_equals(e.data, {
         "cause": "forced",
-        "destination": "document",
-        "target": "nested",
+        "destination": "nested-document",
         "site": "same-origin"
       });
       t.done();
     }));
 
     document.body.appendChild(i);
   }, "Same-origin iframe");
 
@@ -27,18 +26,17 @@
     let i = document.createElement('iframe');
     i.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/post-to-owner.py";
     window.addEventListener('message', t.step_func(e => {
       if (e.source != i.contentWindow)
         return;
 
       assert_header_equals(e.data, {
         "cause": "forced",
-        "destination": "document",
-        "target": "nested",
+        "destination": "nested-document",
         "site": "same-site"
       });
       t.done();
     }));
 
     document.body.appendChild(i);
   }, "Same-site iframe");
 
@@ -46,18 +44,17 @@
     let i = document.createElement('iframe');
     i.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/post-to-owner.py";
     window.addEventListener('message', t.step_func(e => {
       if (e.source != i.contentWindow)
         return;
 
       assert_header_equals(e.data, {
         "cause": "forced",
-        "destination": "document",
-        "target": "nested",
+        "destination": "nested-document",
         "site": "cross-site"
       });
       t.done();
     }));
 
     document.body.appendChild(i);
   }, "Cross-site iframe");
 </script>
--- a/testing/web-platform/tests/fetch/sec-metadata/img.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/img.tentative.https.sub.html
@@ -9,46 +9,43 @@
   // encode their request headers in their pixels. Fun stuff!
   async_test(t => {
     loadImageInWindow(
       "https://{{host}}:{{ports[https][0]}}/referrer-policy/generic/subresource/image.py",
       t.step_func_done(img => {
         assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
           "cause": undefined,
           "destination": "image",
-          "target": "subresource",
           "site": "same-origin"
         });
       }),
       [],
       window);
   }, "Same-origin image");
 
   async_test(t => {
     loadImageInWindow(
       "https://{{hosts[][www]}}:{{ports[https][0]}}/referrer-policy/generic/subresource/image.py",
       t.step_func_done(img => {
         assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
           "cause": undefined,
           "destination": "image",
-          "target": "subresource",
           "site": "same-site"
         });
       }),
       [],
       window);
   }, "Same-site image");
 
   async_test(t => {
     loadImageInWindow(
       "https://{{hosts[alt][www]}}:{{ports[https][0]}}/referrer-policy/generic/subresource/image.py",
       t.step_func_done(img => {
         assert_header_equals(decodeImageData(extractImageData(img)).headers["sec-metadata"], {
           "cause": undefined,
           "destination": "image",
-          "target": "subresource",
           "site": "cross-site"
         });
       }),
       [],
       window);
   }, "Cross-site image");
 </script>
--- a/testing/web-platform/tests/fetch/sec-metadata/object.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/object.tentative.https.sub.html
@@ -8,17 +8,17 @@
 <script>
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "object-same-origin";
 
       let e = document.createElement('object');
       e.data = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"object", "target":"subresource", "site":"same-origin"};
+        let expected = {"destination":"object", "site":"same-origin"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
 
       document.body.appendChild(e);
@@ -27,17 +27,17 @@
 
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "object-same-site";
 
       let e = document.createElement('object');
       e.data = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"object", "target":"subresource", "site":"same-site"};
+        let expected = {"destination":"object", "site":"same-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
 
       document.body.appendChild(e);
@@ -46,17 +46,17 @@
 
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "object-cross-site";
 
       let e = document.createElement('object');
       e.data = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=" + key;
       e.onload = e => {
-        let expected = {"destination":"object", "target":"subresource", "site":"cross-site"};
+        let expected = {"destination":"object", "site":"cross-site"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
 
       document.body.appendChild(e);
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/cross-site.tentative.https.sub.html
@@ -9,17 +9,17 @@
   <img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-cross-site"></img>
 </body>
 
 <script>
   function test_cross_site(){
     var cross_site_test = async_test("Cross-Site -> Cross-Site redirect");
     cross_site_test.step(function () {
         filename = "redirect-cross-site-cross-site";
-        expected_cross_site = {"destination":"image", "target":"subresource", "site":"cross-site"};
+        expected_cross_site = {"destination":"image", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();
         cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
 
         // Async test step triggered when the response is loaded
         cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
           verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/same-origin.tentative.https.sub.html
@@ -10,17 +10,17 @@
   <img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-same-origin"></img>
 </body>
 
 <script>
   function test_same_origin(){
     var same_origin_test = async_test("Cross-Site -> Same-Origin redirect");
     same_origin_test.step(function () {
         filename = "redirect-cross-site-same-origin";
-        expected_same_origin = {"destination":"image", "target":"subresource", "site":"cross-site"};
+        expected_same_origin = {"destination":"image", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/cross-site/same-site.tentative.https.sub.html
@@ -9,17 +9,17 @@
   <img onload="test_same_site()" onerror="test_same_site()" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-cross-site-same-site"></img>
 </body>
 
 <script>
   function test_same_site(){
     var same_site_test = async_test("Cross-Site -> Same-Site redirect");
     same_site_test.step(function () {
         filename = "redirect-cross-site-same-site";
-        expected_same_site = {"destination":"image", "target":"subresource", "site":"cross-site"};
+        expected_same_site = {"destination":"image", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
         same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
 
         // Async test step triggered when the response is loaded
         same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
           verify_response(same_site_xhr, same_site_test, expected_same_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/cross-site.tentative.https.sub.html
@@ -9,17 +9,17 @@
   <img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-cross-site"></img>
 </body>
 
 <script>
   function test_cross_site(){
     var cross_site_test = async_test("Same-Origin -> Cross-Site redirect");
     cross_site_test.step(function () {
         filename = "redirect-same-origin-cross-site";
-        expected_cross_site = {"destination":"image", "target":"subresource", "site":"same-origin"};
+        expected_cross_site = {"destination":"image", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();
         cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
 
         // Async test step triggered when the response is loaded
         cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
           verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/same-origin.tentative.https.sub.html
@@ -10,17 +10,17 @@
   <img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-same-origin"></img>
 </body>
 
 <script>
   function test_same_origin(){
     var same_origin_test = async_test("Same-Origin -> Same-Origin redirect");
     same_origin_test.step(function () {
         filename = "redirect-same-origin-same-origin";
-        expected_same_origin = {"destination":"image", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"image", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/same-origin/same-site.tentative.https.sub.html
@@ -10,17 +10,17 @@
   <img onload="test_same_site()" onerror="test_same_site()" src="https://{{host}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-origin-same-site"></img>
 </body>
 
 <script>
   function test_same_site(){
     var same_site_test = async_test("Same-Origin -> Same-Site redirect");
     same_site_test.step(function () {
         filename = "redirect-same-origin-same-site";
-        expected_same_site = {"destination":"image", "target":"subresource", "site":"same-origin"};
+        expected_same_site = {"destination":"image", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
         same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + filename);
 
         // Async test step triggered when the response is loaded
         same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
           verify_response(same_site_xhr, same_site_test, expected_same_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/cross-site.tentative.https.sub.html
@@ -10,17 +10,17 @@
   <img onload="test_cross_site()" onerror="test_cross_site()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-cross-site"></img>
 </body>
 
 <script>
   function test_cross_site(){
     var cross_site_test = async_test("Same-Site -> Cross-Site redirect");
     cross_site_test.step(function () {
         key = "redirect-same-site-cross-site";
-        expected_cross_site = {"destination":"image", "target":"subresource", "site":"same-site"};
+        expected_cross_site = {"destination":"image", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();
         cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
           verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/same-origin.tentative.https.sub.html
@@ -10,17 +10,17 @@
   <img onload="test_same_origin()" onerror="test_same_origin()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-same-origin"></img>
 </body>
 
 <script>
   function test_same_origin(){
     var same_origin_test = async_test("Same-Site -> Same-Origin redirect");
     same_origin_test.step(function () {
         key = "redirect-same-site-same-origin";
-        expected_same_origin = {"destination":"image", "target":"subresource", "site":"same-site"};
+        expected_same_origin = {"destination":"image", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
--- a/testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/redirect/same-site/same-site.tentative.https.sub.html
@@ -10,17 +10,17 @@
   <img onload="test_same_site()" onerror="test_same_site()" src="https://{{hosts[][www]}}:{{ports[https][0]}}/xhr/resources/redirect.py?location=https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=redirect-same-site-same-site"></img>
 </body>
 
 <script>
   function test_same_site(){
     var same_site_test = async_test("Same-Site -> Same-Site redirect");
     same_site_test.step(function () {
         key = "redirect-same-site-same-site";
-        expected_same_site = {"destination":"image", "target":"subresource", "site":"same-site"};
+        expected_same_site = {"destination":"image", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
         same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
           verify_response(same_site_xhr, same_site_test, expected_same_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/report.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/report.tentative.https.sub.html
@@ -6,30 +6,30 @@
 <link id="style" href="https://foo.bar" rel="stylesheet">
 <body></body>
 <script>
   let counter = 0;
   document.addEventListener("securitypolicyviolation", (e) => {
     counter++;
     if (counter == 3) {
       promise_test(t => {
-        expected = {"destination":"report", "target":"subresource", "site":"same-origin"};
+        expected = {"destination":"report", "site":"same-origin"};
         return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=report-same-origin")
             .then(response => response.text())
             .then(text => assert_header_equals(text, expected));
       }, "Same-Origin report");
 
       promise_test(t => {
-        expected = {"destination":"report", "target":"subresource", "site":"same-site"};
+        expected = {"destination":"report", "site":"same-site"};
         return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=report-same-site")
             .then(response => response.text())
             .then(text => assert_header_equals(text, expected));
       }, "Same-site report");
 
       promise_test(t => {
-        expected = {"destination":"report", "target":"subresource", "site":"cross-site"};
+        expected = {"destination":"report", "site":"cross-site"};
         return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=report-cross-site")
             .then(response => response.text())
             .then(text => assert_header_equals(text, expected));
       }, "Cross-site report");
     }
   });
 </script>
--- a/testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-json.py
+++ b/testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-json.py
@@ -3,10 +3,10 @@ import json
 def main(request, response):
     headers = [("Content-Type", "application/json"),
                ("Access-Control-Allow-Credentials", "true")]
 
     if "origin" in request.headers:
         headers.append(("Access-Control-Allow-Origin", request.headers["origin"]))
 
 
-    body = json.dumps({ "header": request.headers["sec-metadata"] })
+    body = json.dumps({ "header": request.headers.get("sec-metadata", "") })
     return headers, body
--- a/testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-script.py
+++ b/testing/web-platform/tests/fetch/sec-metadata/resources/echo-as-script.py
@@ -1,8 +1,8 @@
 import json
 
 def main(request, response):
     headers = [("Content-Type", "text/javascript")]
 
-    body = "var header = %s;" % json.dumps(request.headers["sec-metadata"]);
+    body = "var header = %s;" % json.dumps(request.headers.get("sec-metadata", ""));
 
     return headers, body
--- a/testing/web-platform/tests/fetch/sec-metadata/script.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/script.tentative.https.sub.html
@@ -7,43 +7,40 @@
 <script src="https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-script.py"></script>
 <script>
   test(t => {
     t.add_cleanup(_ => { header = null; });
 
     assert_header_equals(header, {
       "cause": undefined,
       "destination": "script",
-      "target": "subresource",
       "site": "same-origin"
     });
   }, "Same-origin script");
 </script>
 
 <!-- Same-site script -->
 <script src="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-script.py"></script>
 <script>
   test(t => {
     t.add_cleanup(_ => { header = null; });
 
     assert_header_equals(header, {
       "cause": undefined,
       "destination": "script",
-      "target": "subresource",
       "site": "same-site"
     });
   }, "Same-site script");
 </script>
 
 <!-- Cross-site script -->
 <script src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/echo-as-script.py"></script>
 <script>
   test(t => {
     t.add_cleanup(_ => { header = null; });
 
     assert_header_equals(header, {
       "cause": undefined,
       "destination": "script",
-      "target": "subresource",
       "site": "cross-site"
     });
   }, "Cross-site script");
 </script>
--- a/testing/web-platform/tests/fetch/sec-metadata/serviceworker.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/serviceworker.tentative.https.sub.html
@@ -30,17 +30,17 @@
   </script>
 </body>
 
 <script>
   function test_same_origin(){
     var same_origin_test = async_test("Same-Origin serviceworker");
     same_origin_test.step(function () {
         key = "serviceworker-same-origin";
-        expected_same_origin = {"destination":"serviceworker", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"serviceworker", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
--- a/testing/web-platform/tests/fetch/sec-metadata/sharedworker.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/sharedworker.tentative.https.sub.html
@@ -21,17 +21,17 @@
       }
       sharedWorker.port.postMessage("Ready");
     }
 
   function test_same_origin(){
     var same_origin_test = async_test("Same-Origin sharedworker");
     same_origin_test.step(function () {
         key = "sharedworker-same-origin";
-        expected_same_origin = {"destination":"sharedworker", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"sharedworker", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
--- a/testing/web-platform/tests/fetch/sec-metadata/style.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/style.tentative.https.sub.html
@@ -4,17 +4,17 @@
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=/fetch/sec-metadata/resources/helper.js></script>
 <script>
   function test_same_origin() {
     var same_origin_test = async_test("Same-Origin style");
     same_origin_test.step(function () {
         key = "style-same-origin";
-        expected_same_origin = {"destination":"style", "target":"subresource", "site":"same-origin"};
+        expected_same_origin = {"destination":"style", "site":"same-origin"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_origin_xhr = new XMLHttpRequest();
         same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
           verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
@@ -22,17 +22,17 @@
         same_origin_xhr.send();
     });
   }
 
   function test_same_site() {
     var same_site_test = async_test("Same-Site style");
     same_site_test.step(function () {
         key = "style-same-site";
-        expected_same_site = {"destination":"style", "target":"subresource", "site":"same-site"};
+        expected_same_site = {"destination":"style", "site":"same-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         same_site_xhr = new XMLHttpRequest();
         same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
           verify_response(same_site_xhr, same_site_test, expected_same_site)
@@ -40,17 +40,17 @@
         same_site_xhr.send();
     });
   }
 
   function test_cross_site() {
     var cross_site_test = async_test("Cross-Site style");
     cross_site_test.step(function () {
         key = "style-cross-site";
-        expected_cross_site = {"destination":"style", "target":"subresource", "site":"cross-site"};
+        expected_cross_site = {"destination":"style", "site":"cross-site"};
 
         //  Requests from the server the saved value of the Sec-Metadata header
         cross_site_xhr = new XMLHttpRequest();
         cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
 
         // Async test step triggered when the response is loaded
         cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
           verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
--- a/testing/web-platform/tests/fetch/sec-metadata/track.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/track.tentative.https.sub.html
@@ -1,81 +1,79 @@
 <!DOCTYPE html>
 
 <link rel="author" href="mtrzos@google.com" title="Maciek Trzos">
 <script src=/resources/testharness.js></script>
 <script src=/resources/testharnessreport.js></script>
 <script src=/fetch/sec-metadata/resources/helper.js></script>
 <body>
-  <!-- Same-Origin request -->
-  <video src="/media/movie_5.mp4" controls>
-    <track default kind="captions" src="https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-origin"
-    srclang="en" onload="test_same_origin()">
-  </video>
-
-  <!-- Same-Site request -->
-  <video src="/media/movie_5.mp4" controls crossorigin>
-    <track default kind="captions" src="https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-site"
-    srclang="pl" onload="test_same_site()">
-  </video>
+</body>
+<script>
+  function createVideoElement() {
+    let el = document.createElement('video');
+    el.src = "/media/movie_5.mp4";
+    el.setAttribute("controls", "");
+    el.setAttribute("crossorigin", "");
+    return el;
+  }
 
-  <!-- Cross-Site request -->
-  <video src="/media/movie_5.mp4" controls crossorigin>
-    <track default kind="captions" src="https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-cross-site"
-    srclang="de" onload="test_cross_site()">
-  </video>
-</body>
-
-<script>
-  function test_same_origin(){
-    var same_origin_test = async_test("Same-Origin track");
-    same_origin_test.step(function () {
-        key = "track-same-origin";
-        expected_same_origin = {"destination":"track", "target":"subresource", "site":"same-origin"};
-
-        //  Requests from the server the saved value of the Sec-Metadata header
-        same_origin_xhr = new XMLHttpRequest();
-        same_origin_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
-
-        // Async test step triggered when the response is loaded
-        same_origin_xhr.onreadystatechange = same_origin_test.step_func(function () {
-          verify_response(same_origin_xhr, same_origin_test, expected_same_origin)
-        });
-        same_origin_xhr.send();
-    });
+  function createTrack() {
+    let el = document.createElement("track");
+    el.setAttribute("default", "");
+    el.setAttribute("kind", "captions");
+    el.setAttribute("srclang", "en");
+    return el;
   }
 
-  function test_same_site(){
-    var same_site_test = async_test("Same-Site track");
-    same_site_test.step(function () {
-        key = "track-same-site";
-        expected_same_site = {"destination":"track", "target":"subresource", "site":"same-site"};
-
-        //  Requests from the server the saved value of the Sec-Metadata header
-        same_site_xhr = new XMLHttpRequest();
-        same_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
-
-        // Async test step triggered when the response is loaded
-        same_site_xhr.onreadystatechange = same_site_test.step_func(function () {
-          verify_response(same_site_xhr, same_site_test, expected_same_site)
-        });
-        same_site_xhr.send();
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      let video = createVideoElement();
+      let el = createTrack();
+      el.src = "https://{{host}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-origin";
+      el.onload = t.step_func(_ => {
+        expected = {"destination":"track", "site":"same-origin"};
+        fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-same-origin")
+            .then(response => response.text())
+            .then(text => assert_header_equals(text, expected))
+            .then(_ => resolve());
+      });
+      video.appendChild(el);
+      document.body.appendChild(video);
     });
-  }
+  }, "Same-Origin track");
 
-  function test_cross_site(){
-    var cross_site_test = async_test("Cross-Site track");
-    cross_site_test.step(function () {
-        key = "track-cross-site";
-        expected_cross_site = {"destination":"track", "target":"subresource", "site":"cross-site"};
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      let video = createVideoElement();
+      let el = createTrack();
+      el.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-same-site";
+      el.onload = t.step_func(_ => {
+        expected = {"destination":"track", "site":"same-site"};
+        fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-same-site")
+            .then(response => response.text())
+            .then(text => assert_header_equals(text, expected))
+            .then(resolve)
+            .catch(reject);
+
+      });
+      video.appendChild(el);
+      document.body.appendChild(video);
+    });
+  }, "Same-Site track");
 
-        //  Requests from the server the saved value of the Sec-Metadata header
-        cross_site_xhr = new XMLHttpRequest();
-        cross_site_xhr.open("GET", "/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key);
-
-        // Async test step triggered when the response is loaded
-        cross_site_xhr.onreadystatechange = cross_site_test.step_func(function () {
-          verify_response(cross_site_xhr, cross_site_test, expected_cross_site)
-        });
-        cross_site_xhr.send();
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      let video = createVideoElement();
+      let el = createTrack();
+      el.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/record-header.py?file=track-cross-site";
+      el.onload = t.step_func(_ => {
+        expected = {"destination":"track", "site":"cross-site"};
+        fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=track-cross-site")
+            .then(response => response.text())
+            .then(text => assert_header_equals(text, expected))
+            .then(resolve)
+            .catch(reject);
+      });
+      video.appendChild(el);
+      document.body.appendChild(video);
     });
-  }
+  }, "Cross-Site track");
 </script>
--- a/testing/web-platform/tests/fetch/sec-metadata/window-open.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/window-open.tentative.https.sub.html
@@ -12,51 +12,48 @@
     t.add_cleanup(_ => w.close());
     window.addEventListener('message', t.step_func(e => {
       if (e.source != w)
         return;
 
       assert_header_equals(e.data, {
         "cause": "forced",
         "destination": "document",
-        "target": "top-level",
         "site": "same-origin"
       });
       t.done();
     }));
   }, "Same-origin window, forced");
 
   async_test(t => {
     let w = window.open("https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/post-to-owner.py");
     t.add_cleanup(_ => w.close());
     window.addEventListener('message', t.step_func(e => {
       if (e.source != w)
         return;
 
       assert_header_equals(e.data, {
         "cause": "forced",
         "destination": "document",
-        "target": "top-level",
         "site": "same-site"
       });
       t.done();
     }));
   }, "Same-site window, forced");
 
   async_test(t => {
     let w = window.open("https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/sec-metadata/resources/post-to-owner.py");
     t.add_cleanup(_ => w.close());
     window.addEventListener('message', t.step_func(e => {
       if (e.source != w)
         return;
 
       assert_header_equals(e.data, {
         "cause": "forced",
         "destination": "document",
-        "target": "top-level",
         "site": "cross-site"
       });
       t.done();
     }));
   }, "Cross-site window, forced");
 
   // User-activated navigations:
   async_test(t => {
@@ -66,17 +63,16 @@
       t.add_cleanup(_ => w.close());
       window.addEventListener('message', t.step_func(e => {
         if (e.source != w)
           return;
 
         assert_header_equals(e.data, {
           "cause": "user-activated",
           "destination": "document",
-          "target": "top-level",
           "site": "same-origin"
         });
         t.done();
       }));
     });
     document.body.appendChild(b);
     test_driver.click(b);
   }, "Same-origin window, user-activated");
@@ -88,17 +84,16 @@
       t.add_cleanup(_ => w.close());
       window.addEventListener('message', t.step_func(e => {
         if (e.source != w)
           return;
 
         assert_header_equals(e.data, {
           "cause": "user-activated",
           "destination": "document",
-          "target": "top-level",
           "site": "same-site"
         });
         t.done();
       }));
     });
     document.body.appendChild(b);
     test_driver.click(b);
   }, "Same-site window, user-activated");
@@ -110,17 +105,16 @@
       t.add_cleanup(_ => w.close());
       window.addEventListener('message', t.step_func(e => {
         if (e.source != w)
           return;
 
         assert_header_equals(e.data, {
           "cause": "user-activated",
           "destination": "document",
-          "target": "top-level",
           "site": "cross-site"
         });
         t.done();
       }));
     });
     document.body.appendChild(b);
     test_driver.click(b);
   }, "Cross-site window, user-activated");
--- a/testing/web-platform/tests/fetch/sec-metadata/worker.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/worker.tentative.https.sub.html
@@ -5,17 +5,17 @@
 <script src=/resources/testharnessreport.js></script>
 <script src=/fetch/sec-metadata/resources/helper.js></script>
 <script>
   promise_test(t => {
     return new Promise((resolve, reject) => {
       let key = "worker-same-origin";
       let w = new Worker("/fetch/sec-metadata/resources/record-header.py?file=" + key);
       w.onmessage = e => {
-        let expected = {"destination":"worker", "target":"subresource", "site":"same-origin"};
+        let expected = {"destination":"worker", "site":"same-origin"};
         fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=" + key)
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected))
           .then(_ => resolve())
           .catch(e => reject(e));
       };
     });
   }, "Same-Origin worker");
--- a/testing/web-platform/tests/fetch/sec-metadata/xslt.tentative.https.sub.html
+++ b/testing/web-platform/tests/fetch/sec-metadata/xslt.tentative.https.sub.html
@@ -7,31 +7,31 @@
 <script>
   // Open a window with XML document which loads resources via <?xml-stylesheet/> tag
   let w = window.open("resources/xslt-test.sub.xml");
   window.addEventListener('message', function(e) {
     if (e.source != w)
       return;
 
     promise_test(t => {
-      let expected = {"destination":"xslt", "target":"subresource", "site":"same-origin"};
+      let expected = {"destination":"xslt", "site":"same-origin"};
       return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-same-origin")
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected));
     }, "Same-Origin xslt");
 
     promise_test(t => {
-      let expected = {"destination":"xslt", "target":"subresource", "site":"same-site"};
+      let expected = {"destination":"xslt", "site":"same-site"};
       return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-same-site")
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected));
     }, "Same-site xslt");
 
     promise_test(t => {
-      let expected = {"destination":"xslt", "target":"subresource", "site":"cross-site"};
+      let expected = {"destination":"xslt", "site":"cross-site"};
       return fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=xslt-cross-site")
           .then(response => response.text())
           .then(text => assert_header_equals(text, expected));
     }, "Cross-site xslt");
 
     w.close();
   });