@feld @encthenet Heh well badwolf has containers built-in, effectively because there's a lot of ways of getting cookie-like storage from browsers, so even things like first-party only http-cookie don't seems enough to me.
(Like you entirely can use ETags as cookies, so I keep caching isolated)
That said the containers in mine aren't per-site, it's more there to avoid tracking/fingerprinting than security, and while a modification to make it per-site would be doable, it would be horrible in terms of performance.
I think a dedicated browser like Tangram makes more sense for when you want webapps to be isolated. That said I somehow still haven't evaluated it.