Your comments

I just did a fresh install of 6.9.20424.6863 and tried to setup a Privacy Preferences Policy Control whitelist payload, but the /opt/ is still coming back as not signed. Here's what I'm seeing:

$ codesign -dv /opt/
/opt/ code object is not signed at all


$ codesign -dv /Applications/
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=79381 flags=0x0(none) hashes=2473+5 location=embedded
Signature size=4620
Signed Time=Nov 11, 2018 at 2:49:13 PM
Info.plist entries=47
Sealed Resources version=2 rules=13 files=153
Internal requirements count=1 size=216

In other words, suggesting I install a browser extension doesn't fulfill my request.

That doesn't help when I have other users involved. I'm requesting this both for security auditing and troubleshooting with users that I can't install browser add-ons for. I was told in Ticket #11121108 to create a feature request. Here we are...

I agree something native would be great. HTML5 client might also be a way to accomplish this. (Update: I found this