Description
I haven't seen this technique discussed here, but it is being relied upon in FedCM to provide protections against navigational tracking. I think it would be worth thinking about its efficacy and/or general utility.
Essentially, FedCM uses a finite set of links inside of a site-level (subdomains stripped to the site) .well-known resource to reduce the entropy in cross-site requests to prevent tracking: https://www.w3.org/TR/2024/WD-fedcm-1-20240820/#idp-api-well-known. This is relied upon to prevent requests from containing user identifiers from the current context outward because the request must contain uniquely identifying information to the requested origin. This is similar to navigation, where the navigation becomes a new first-party context.
In theory, inward navigation by an IDP could be restricted to a finite set of URLs that is specified at the site level by a .well-known file.
This leaves two interesting questions IMO:
- Does such a technique offer meaningful protection against navigational tracking?
- Would such a restriction ever be feasible?
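
The site-level allowlist check described in the issue above, as an added example that is not part of the issue or of the FedCM specification text. It assumes the `/.well-known/web-identity` path and `provider_urls` key from the linked spec section; the function names, the tiny public-suffix set, the sample URLs, the exact-match comparison and the `maxProviders` cap are hypothetical stand-ins chosen for illustration.

```javascript
// Constructed stand-in for the Public Suffix List (assumption: a real
// implementation consults the full list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "example"]);

// Site-level host: the longest matching public suffix plus one label.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const suffix = labels.slice(i + 1).join(".");
    if (PUBLIC_SUFFIXES.has(suffix)) return labels.slice(i).join(".");
  }
  return hostname.toLowerCase();
}

// The list is always looked up at the site, never at the subdomain the
// config URL names, so a per-user subdomain cannot serve its own list.
function wellKnownUrlFor(configUrl) {
  const u = new URL(configUrl);
  if (u.protocol !== "https:") throw new Error("config URL must be https");
  return `https://${registrableDomain(u.hostname)}/.well-known/web-identity`;
}

// Accept a config URL only if it exactly matches an entry in the finite
// list (assumption: comparison after URL normalization; cap is hypothetical).
function isConfigUrlAllowed(configUrl, wellKnownJson, maxProviders = 1) {
  const urls = wellKnownJson && wellKnownJson.provider_urls;
  if (!Array.isArray(urls) || urls.length === 0) return false;
  if (urls.length > maxProviders) return false;
  const base = wellKnownUrlFor(configUrl);
  const wanted = new URL(configUrl).href;
  return urls.some((entry) => {
    try {
      return new URL(entry, base).href === wanted;
    } catch {
      return false; // malformed entry never matches
    }
  });
}

// Constructed sample: the file the site idp.example would publish.
const SAMPLE_WELL_KNOWN = {
  provider_urls: ["https://accounts.idp.example/config.json"],
};
```

A config URL that carries a per-user value in its query string or subdomain fails the check, because the only values that can cross sites are the ones enumerated once for the whole site.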