It is not clear to me what happens when an offending website forces the user's browser to follow a chain of redirects.
According to the documentation, "Redirects will be followed, and the topics sent in the redirect request will be specific to the redirect URL."
Can this potentially lead to an attack in which the browser follows a chain of redirects, each one letting the controlling webmaster obtain one (three) possible topics via the document.browsingTopics()?

For instance:
(visit to mysite1.com -> get 3 topics) + (redirect to mysite2.com -> get 3 topics) + (redirect to mysite3.com -> get 3 topics) + ...

With this attack, assuming the three websites are owned by the same (or colluding) organization(s), who controls mysite{X}.com gets up to 3|X| topics in a short time.
Are there any mechanisms in place to prevent this?

Moreover, which is the definition of a website within the Topics API?
Are two subdomains of the same domain considered different websites?
For example, one.example.org and two.example.org are the same or different websites?