It’s important to clarify that, while the utility of polyfills today is somewhat debatable, the issue does not lie in the library’s code itself. Instead, it is a deliberate malicious act by the new owners of a 3rd-party CDN service, which is the most popular one for distributing the library.
Notably, WordPress bundles a local copy of the library at /wp-includes/js/dist/vendor/wp-polyfill.min.js. If plugin and theme developers are adhering to basic WordPress coding standards, they should be enqueuing the local copy rather than hotlinking to an external one.
If you trust Cloudflare (considering their technology and security promise, rather than their politics) and use their CDN/proxy, they offer a simple toggle that automatically replaces all references to polyfill.io with their mirror at cdnjs.cloudflare.com/polyfill/.
