In Request processing the hints in the hintSet are checked against permission policy only if the request is a subresource request. Are hints expected to be checked against Permission Policy when the request is a non-subresource request (e.g., a request who's destination is iframe)? I would expect requests for embedded iframes to also check against Permission Policy and that's what I've observed when testing in Chrome.

It's possible I'm just misunderstanding the fetch definition of non-subresource request. What I've observed in testing matches my intuitive understanding of a "subresource" request as an embedded request and a non-subresource request as a top-level document request. But fetch's definition seems more narrow than that.