This is true. However, I don’t see this happening as the website/browser isn’t really the problem with online banking, it’s more often the user.
On another note, how about no access at all, because this is a freaking huge attack surface for (D)DOS. Imagine you just invalidate signatures of all traffic to and from an attestation service. You could almost stop countries from functioning. That’s a serious vulnerability which we can easily do without.