Security and privacy of client-side isolation on the web