docs: document out-of-scope alternatives

- browser detection requires separate IPIP (security concerns)
- health checking left to implementers
- stale file handling left to implementers

Author: lidel

src/ipips/ipip-0280.md

@@ -97,7 +97,24 @@ See "Security" section of :cite[gateway-detection].
 
 ### Alternatives
 
-N/A. This IPIP covers both environment variable and configuration file.
+#### Browser Environment Detection
+
+Detection via browser APIs (e.g., `localStorage.getItem('IPFS_GATEWAY')`) was
+considered but is explicitly out of scope. Any JavaScript running on a page
+could overwrite such values and hijack gateway requests. Browser-based detection
+requires a separate IPIP with proper security review.
+
+#### Gateway Health Checking
+
+This specification does not mandate health checking of detected gateways.
+Implementations MAY verify that a gateway is responsive before using it,
+but the specific approach is left to implementers.
+
+#### Stale Gateway File Handling
+
+If a daemon crashes without removing the `gateway` file, it may contain a stale
+URL. This specification does not mandate specific handling. Implementations MAY
+implement timeout-based health checks or other recovery mechanisms.
 
 ### Copyright