I am reading and taking notes on the HTML specifications for 100 days as part of #The100DayProject. Read the initial intent/backstory. I am a Microsoft employee but all opinions, comments, etc on this site are my own. I do not speak on behalf of my employer, and thus no comments should be taken as representative of Microsoft's official opinion of the spec. Subsections not listed below were read without comment.
Currently reading in 3.1.2 Resource metadata management.
3.1.2 Resource metadata management
Non-normative note on cookies: "If the contents are sandboxed into a unique origin (e.g. in an iframe with the sandbox attribute), a SecurityError exception will be thrown on getting and setting."
Some documents are said to be "cookie averse": those with no "browsing context" (so that's N/A to a web page you navigate to in a browser) and with an address lacking a "server-based naming authority". I'm unsure of what would be an example of a document that is inherently cookie averse—can't seem to find a use case other than user-disabled cookies—so probably this is not something to worry about as a web dev, but possibly as a UA.
document.lastModified is returned in the user's time zone.