I think this is less invasive though. The Google proposal runs before content loaded into the DOM. Which means it can be used to do things like programmatically detect and block code injection like ad blockers.
PATs are purely a server side thing. They don't give this kind of control. And don't perform a signature over the content
replies(2):