Putting user generated content on its own domain is more on the security side of things to know about running a website, and our industry doesn't regulate who's allowed to build websites. Everyone's got their own set of different best practices.

Regardless of the exact date that GitHub moved which kinds of user generated content (UGC) over to which domain/domains, I do expect a curious webdev in 2025 to have used GitHub and to have wondered enough about it to ask what's up with stuff coming from eg raw.githubusercontent.com at some point in their web browsing career to ask Google about it. They should have walked away with the idea that they're putting UGC on a separate domain intentionally for security stuff, even if they never hear mention of the PSL or how exactly it works and is implemented. The /r/webdev post you'll find links to a GitHub blog post that gives a lot of detail as to why they did that, and that doesn't mention the PSL once.

It's fair to point out the PSL isn't common knowledge. I would agree that it isn't. I don't think it's necessary, however. All it takes is being a user of GitHub and a modicum of curiosity. I expect anyone that call themselves a webdev in 2025 to be able to explain to me what git and GitHub is and why they're different. They don't need to know where git came from but I don't think I'm being unreasonable in asking that much. From there, I expect someone to be able to make up an answer as to why there's raw.githubusercontent.com during an interview and mumble something about security, even if they can't give specific details about cookies and phishing and how that all works.

It's possible I'm being unreasonable here but I don't think I am. This isn't knowledge that takes attending W3C meetings about web browser standards to have come across. Regardless of if I am or not though, everyone who's come across this thread should now know that UGC goes in its own domain, even if they can't give details as to why.