For a given set of browsers, what APIs are in all of them and how many days it take for the API to land in the first browser to the last.
| Last in Chrome | Last in Firefox | |
|---|---|---|
| First in Chrome | 96 | |
| First in Firefox | 99 |
195 APIs took an average of 881.42 days to become available to use.
API breakdown:
| HTTP APIs | HTTP TTA | |
|---|---|---|
| 2004 | 61 | 1493.00 |
| 2006 | 5 | 1107.00 |
| 2008 | 2 | 2072.00 |
| 2009 | 8 | 209.00 |
| 2010 | 4 | 427.75 |
| 2011 | 6 | 175.00 |
| 2012 | 2 | 1344.00 |
| 2013 | 17 | 742.00 |
| 2014 | 1 | 476.00 |
| 2015 | 9 | 321.78 |
| 2016 | 11 | 325.45 |
| 2017 | 14 | 538.57 |
| 2018 | 8 | 1371.00 |
| 2019 | 13 | 681.69 |
| 2020 | 8 | 724.50 |
| 2021 | 6 | 771.50 |
| 2022 | 7 | 535.00 |
| 2023 | 3 | 480.67 |
| 2024 | 3 | 65.33 |
| 2025 | 7 | 180.00 |
There is a natural tension on the web with respect to browser engines. Every engine has their own set of priorities which define the level of investment that they choose to make and on which areas they choose to make it.
A developer naturally wants their experiences to be available to the widest audience possible and these differing priorities create an unevenness on the platform (a lumpiness) making it harder for developers to build experiences that work everywhere.
This section highlights where browsers are pushing and pulling on the platform.
This table is designed to show which browsers are pushing on the platform the most.
Adding features to quickly is not always desired because developers are unlikely to adopt those features in their sites or apps.
| Year | HTTP | HTTP TTA |
|---|---|---|
| 2004 | ||
| Firefox | 61 | 1493.00 |
| 2006 | ||
| Firefox | 5 | 1107.00 |
| 2008 | ||
| Chrome | 1 | 3967.00 |
| Firefox | 1 | 177.00 |
| 2009 | ||
| Firefox | 8 | 209.00 |
| 2010 | ||
| Chrome | 4 | 427.75 |
| 2011 | ||
| Firefox | 1 | 595.00 |
| Chrome | 5 | 91.00 |
| 2012 | ||
| Chrome | 1 | 1959.00 |
| Firefox | 1 | 729.00 |
| 2013 | ||
| Chrome | 14 | 404.50 |
| Firefox | 3 | 2317.00 |
| 2014 | ||
| Chrome | 1 | 476.00 |
| 2015 | ||
| Firefox | 2 | 221.50 |
| Chrome | 7 | 350.43 |
| 2016 | ||
| Firefox | 6 | 158.33 |
| Chrome | 5 | 526.00 |
| 2017 | ||
| Chrome | 10 | 614.00 |
| Firefox | 4 | 350.00 |
| 2018 | ||
| Chrome | 6 | 1527.17 |
| Firefox | 2 | 902.50 |
| 2019 | ||
| Chrome | 12 | 725.67 |
| Firefox | 1 | 154.00 |
| 2020 | ||
| Chrome | 7 | 785.00 |
| Firefox | 1 | 301.00 |
| 2021 | ||
| Firefox | 3 | 473.67 |
| Chrome | 3 | 1069.33 |
| 2022 | ||
| Chrome | 7 | 535.00 |
| 2023 | ||
| Chrome | 3 | 480.67 |
| 2024 | ||
| Chrome | 3 | 65.33 |
| 2025 | ||
| Chrome | 7 | 180.00 |
This table is designed to show which browsers are pulling on the platform the most.
| Year | HTTP count | HTTP TTA |
|---|---|---|
| 2004 | ||
| Chrome | 61 | 1493.00 |
| 2006 | ||
| Chrome | 5 | 1107.00 |
| 2008 | ||
| Firefox | 1 | 3967.00 |
| Chrome | 1 | 177.00 |
| 2009 | ||
| Chrome | 8 | 209.00 |
| 2010 | ||
| Firefox | 4 | 427.75 |
| 2011 | ||
| Chrome | 1 | 595.00 |
| Firefox | 5 | 91.00 |
| 2012 | ||
| Firefox | 1 | 1959.00 |
| Chrome | 1 | 729.00 |
| 2013 | ||
| Firefox | 14 | 404.50 |
| Chrome | 3 | 2317.00 |
| 2014 | ||
| Firefox | 1 | 476.00 |
| 2015 | ||
| Chrome | 2 | 221.50 |
| Firefox | 7 | 350.43 |
| 2016 | ||
| Chrome | 6 | 158.33 |
| Firefox | 5 | 526.00 |
| 2017 | ||
| Firefox | 10 | 614.00 |
| Chrome | 4 | 350.00 |
| 2018 | ||
| Firefox | 6 | 1527.17 |
| Chrome | 2 | 902.50 |
| 2019 | ||
| Firefox | 12 | 725.67 |
| Chrome | 1 | 154.00 |
| 2020 | ||
| Firefox | 7 | 785.00 |
| Chrome | 1 | 301.00 |
| 2021 | ||
| Chrome | 3 | 473.67 |
| Firefox | 3 | 1069.33 |
| 2022 | ||
| Firefox | 7 | 535.00 |
| 2023 | ||
| Firefox | 3 | 480.67 |
| 2024 | ||
| Firefox | 3 | 65.33 |
| 2025 | ||
| Firefox | 7 | 180.00 |
Below is a list of features that are in Chrome and Firefox
| API | First Browser | Date | Last Browser | Date | Days | Notes |
|---|---|---|---|---|---|---|
| http.data-url 📋 | Firefox | 10/24/2006 | Chrome | 1/25/2010 | 1189 | Edge: Before Edge 79, the maximum size supported is 4GB.Internet Explorer: Since Internet Explorer 9, the maximum size supported is 4GB.Internet Explorer: In Internet Explorer 8, the maximum size supported is 32kB. |
| http.data-url.css_files | Firefox | 10/24/2006 | Chrome | 1/25/2010 | 1189 | |
| http.data-url.html_files | Firefox | 10/24/2006 | Chrome | 1/25/2010 | 1189 | |
| http.data-url.js_files | Firefox | 10/24/2006 | Chrome | 1/25/2010 | 1189 | |
| http.data-url.top_level_navigation_blocked | Chrome | 7/25/2017 | Firefox | 3/13/2018 | 231 | |
| http.headers.Accept 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | Firefox: In Firefox 66, the default Accept header value changed to */*.Firefox for Android: In Firefox for Android 66, the default Accept header value changed to */*. |
| http.headers.Accept-Encoding 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Accept-Encoding.br 📋 | Firefox | 1/26/2016 | Chrome | 4/13/2016 | 78 | Safari: Unsupported before macOS 10.13 High Sierra. |
| http.headers.Accept-Encoding.zstd 📋 | Chrome | 3/19/2024 | Firefox | 5/14/2024 | 56 | Safari: Before macOS 26.3 Tahoe, this header value is not sent. |
| http.headers.Accept-Language 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Accept-Ranges 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Access-Control-Allow-Credentials 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Allow-Headers 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Allow-Headers.wildcard | Chrome | 12/6/2017 | Firefox | 9/3/2019 | 636 | |
| http.headers.Access-Control-Allow-Methods 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Allow-Methods.wildcard | Chrome | 12/6/2017 | Firefox | 9/3/2019 | 636 | |
| http.headers.Access-Control-Allow-Origin 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Expose-Headers 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Expose-Headers.wildcard | Chrome | 3/6/2018 | Firefox | 9/3/2019 | 546 | |
| http.headers.Access-Control-Max-Age 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Request-Headers 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Access-Control-Request-Method 📋 | Firefox | 6/30/2009 | Chrome | 1/25/2010 | 209 | |
| http.headers.Activate-Storage-Access 📋 | Chrome | 2/4/2025 | Firefox | 1/13/2026 | 343 | |
| http.headers.Age 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Alt-Svc 📋 | Firefox | 5/12/2015 | Chrome | 7/20/2016 | 435 | Firefox: Only supports draft-04Firefox for Android: Only supports draft-04 |
| http.headers.Authorization 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Authorization.Basic 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Authorization.Digest 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Authorization.Digest.SHA-256 | Firefox | 10/5/2021 | Chrome | 9/12/2023 | 707 | |
| http.headers.Authorization.Digest.md5 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Authorization.NTLM | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Authorization.Negotiate 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Cache-Control 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Cache-Control.stale-while-revalidate 📋 | Chrome | 6/4/2019 | Firefox | 7/9/2019 | 35 | |
| http.headers.Clear-Site-Data 📋 | Chrome | 9/5/2017 | Firefox | 10/23/2018 | 413 | |
| http.headers.Clear-Site-Data.cache 📋 | Chrome | 3/6/2018 | Firefox | 4/29/2025 | 2611 | Chrome: Setting this value may increase response duration (see bug 40233601.Chrome: Setting this value may prevent a page from fully load (see bug 41343050.Chrome Android: Setting this value may increase response duration (see bug 40233601.Chrome Android: Setting this value may prevent a page from fully load (see bug 41343050.Edge: Setting this value may increase response duration (see bug 40233601.Quest Browser: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may prevent a page from fully load (see bug 41343050.Opera Android: Setting this value may increase response duration (see bug 40233601.Opera Android: Setting this value may prevent a page from fully load (see bug 41343050.Samsung Internet: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may prevent a page from fully load (see bug 41343050. |
| http.headers.Clear-Site-Data.cookies 📋 | Chrome | 9/5/2017 | Firefox | 10/23/2018 | 413 | |
| http.headers.Clear-Site-Data.secure_context_required | Chrome | 9/5/2017 | Firefox | 10/23/2018 | 413 | |
| http.headers.Clear-Site-Data.storage 📋 | Chrome | 9/5/2017 | Firefox | 10/23/2018 | 413 | |
| http.headers.Clear-Site-Data.wildcard 📋 | Firefox | 10/23/2018 | Chrome | 9/12/2023 | 1785 | |
| http.headers.Connection 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Content-Disposition 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | Chrome: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Chrome Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Firefox: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Firefox for Android: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Quest Browser: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Safari: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Safari on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Samsung Internet: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384. |
| http.headers.Content-Encoding 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Content-Encoding.br 📋 | Firefox | 1/26/2016 | Chrome | 4/13/2016 | 78 | Safari: Unsupported before macOS 10.13 High Sierra. |
| http.headers.Content-Encoding.zstd 📋 | Chrome | 3/19/2024 | Firefox | 5/14/2024 | 56 | Safari: Before macOS 26.3 Tahoe, Safari cannot decode Zstandard responses. |
| http.headers.Content-Language 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Content-Length 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Content-Length.cors_response_safelist | Chrome | 7/30/2019 | Firefox | 3/23/2021 | 602 | |
| http.headers.Content-Location 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Content-Range 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Content-Security-Policy 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | Internet Explorer: Only supporting 'sandbox' directive. |
| http.headers.Content-Security-Policy.base-uri 📋 | Firefox | 1/13/2015 | Chrome | 1/21/2015 | 8 | |
| http.headers.Content-Security-Policy.child-src 📋 | Chrome | 1/21/2015 | Firefox | 3/8/2016 | 412 | |
| http.headers.Content-Security-Policy.connect-src 📋 | Chrome | 2/21/2013 | Firefox | 11/15/2016 | 1363 | Firefox: Before Firefox 50, ping attributes of <a> elements weren't covered by connect-src. |
| http.headers.Content-Security-Policy.default-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.font-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.form-action 📋 | Chrome | 1/21/2015 | Firefox | 2/24/2015 | 34 | |
| http.headers.Content-Security-Policy.frame-ancestors 📋 | Chrome | 1/21/2015 | Firefox | 1/23/2018 | 1098 | Firefox: Before Firefox 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.Firefox for Android: Before Firefox for Android 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only. |
| http.headers.Content-Security-Policy.frame-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.img-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.manifest-src 📋 | Chrome | 1/21/2015 | Firefox | 9/22/2015 | 244 | |
| http.headers.Content-Security-Policy.media-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.meta-element-support | Chrome | 2/21/2013 | Firefox | 3/8/2016 | 1111 | |
| http.headers.Content-Security-Policy.object-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.report-sample | Chrome | 6/5/2017 | Firefox | 10/23/2018 | 505 | |
| http.headers.Content-Security-Policy.report-to 📋 | Chrome | 10/16/2018 | Firefox | 9/3/2024 | 2149 | |
| http.headers.Content-Security-Policy.report-uri 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.sandbox 📋 | Chrome | 2/21/2013 | Firefox | 11/15/2016 | 1363 | |
| http.headers.Content-Security-Policy.script-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.script-src.external_scripts 📋 | Chrome | 6/5/2017 | Firefox | 8/1/2023 | 2248 | |
| http.headers.Content-Security-Policy.script-src.wasm-unsafe-eval | Chrome | 1/4/2022 | Firefox | 6/28/2022 | 175 | |
| http.headers.Content-Security-Policy.script-src-attr 📋 | Chrome | 6/4/2019 | Firefox | 12/13/2022 | 1288 | |
| http.headers.Content-Security-Policy.script-src-elem 📋 | Chrome | 6/4/2019 | Firefox | 12/13/2022 | 1288 | |
| http.headers.Content-Security-Policy.strict-dynamic | Chrome | 7/20/2016 | Firefox | 3/7/2017 | 230 | |
| http.headers.Content-Security-Policy.style-src 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Security-Policy.style-src-attr 📋 | Chrome | 6/4/2019 | Firefox | 12/13/2022 | 1288 | |
| http.headers.Content-Security-Policy.style-src-elem 📋 | Chrome | 6/4/2019 | Firefox | 12/13/2022 | 1288 | Safari: The style-src-elem directive was parsed, but had no effect. See bug 276931.Safari on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.WebView on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931. |
| http.headers.Content-Security-Policy.unsafe-hashes | Chrome | 9/4/2018 | Firefox | 1/17/2023 | 1596 | |
| http.headers.Content-Security-Policy.upgrade-insecure-requests 📋 | Chrome | 5/19/2015 | Firefox | 11/3/2015 | 168 | |
| http.headers.Content-Security-Policy.worker-src 📋 | Chrome | 6/5/2017 | Firefox | 1/23/2018 | 232 | Chrome: Chrome 59 and higher skips the deprecated child-src directive.Chrome Android: Chrome Android 59 and higher skips the deprecated child-src directive.Quest Browser: Quest Browser 5.0 and higher skips the deprecated child-src directive.Opera: Opera 46 and higher skips the deprecated child-src directive.Opera Android: Opera Android 43 and higher skips the deprecated child-src directive.WebView Android: WebView Android 59 and higher skips the deprecated child-src directive. |
| http.headers.Content-Security-Policy.worker_support | Firefox | 11/15/2016 | Chrome | 1/25/2017 | 71 | |
| http.headers.Content-Security-Policy-Report-Only 📋 | Chrome | 2/21/2013 | Firefox | 8/6/2013 | 166 | |
| http.headers.Content-Type 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Cookie 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149. |
| http.headers.Cross-Origin-Embedder-Policy 📋 | Chrome | 5/19/2020 | Firefox | 7/28/2020 | 70 | |
| http.headers.Cross-Origin-Embedder-Policy.credentialless 📋 | Chrome | 11/15/2021 | Firefox | 10/24/2023 | 708 | |
| http.headers.Cross-Origin-Opener-Policy 📋 | Chrome | 5/19/2020 | Firefox | 7/28/2020 | 70 | |
| http.headers.Cross-Origin-Resource-Policy 📋 | Chrome | 3/12/2019 | Firefox | 3/10/2020 | 364 | Chrome: Until version 75, downloads for files with this header would fail in Chrome. See bug 41452948.Chrome: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Chrome Android: Until version 75, downloads for files with this header would fail in Chrome Android. See bug 41452948.Chrome Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Quest Browser: Until version 7.0, downloads for files with this header would fail in Quest Browser. See bug 41452948.Quest Browser: From version 9.0 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 12.0, partial PDF loading is disabled.Opera: Until version 62, downloads for files with this header would fail in Opera. See bug 41452948.Opera: From version 67 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 72, partial PDF loading is disabled.Opera Android: Until version 54, downloads for files with this header would fail in Opera Android. See bug 41452948.Opera Android: From version 57 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 61, partial PDF loading is disabled.WebView Android: Until version 75, downloads for files with this header would fail in WebView Android. See bug 41452948.WebView Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled. |
| http.headers.DNT | Firefox | 3/22/2011 | Chrome | 11/6/2012 | 595 | |
| http.headers.Date 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.ETag 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Expires 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.From 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Host 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.If-Match 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.If-Modified-Since 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.If-None-Match 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.If-Range 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.If-Unmodified-Since 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Integrity-Policy 📋 | Chrome | 6/24/2025 | Firefox | 11/11/2025 | 140 | Firefox: Reporting endpoints are ignored (violations are logged to console).Firefox for Android: Reporting endpoints are ignored (violations are logged to console). |
| http.headers.Integrity-Policy.blocked-destinations_script 📋 | Chrome | 6/24/2025 | Firefox | 11/11/2025 | 140 | |
| http.headers.Integrity-Policy-Report-Only 📋 | Chrome | 6/24/2025 | Firefox | 11/11/2025 | 140 | Firefox: Reporting endpoints are ignored (violations are logged to console).Firefox for Android: Reporting endpoints are ignored (violations are logged to console). |
| http.headers.Integrity-Policy-Report-Only.blocked-destinations_script 📋 | Chrome | 6/24/2025 | Firefox | 11/11/2025 | 140 | |
| http.headers.Keep-Alive 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Last-Modified 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Link 📋 | Chrome | 6/21/2022 | Firefox | 11/21/2023 | 518 | |
| http.headers.Link.fetchpriority 📋 | Chrome | 6/21/2022 | Firefox | 10/29/2024 | 861 | |
| http.headers.Location 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Origin 📋 | Chrome | 12/11/2008 | Firefox | 10/22/2019 | 3967 | Edge: Not sent with POST requestsFirefox: Not sent with POST requests, see bug 446344.Firefox for Android: Not sent with POST requests, see bug 446344. |
| http.headers.Origin-Agent-Cluster 📋 | Chrome | 4/13/2021 | Firefox | 4/29/2025 | 1477 | |
| http.headers.Pragma 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Priority 📋 | Chrome | 4/16/2024 | Firefox | 7/9/2024 | 84 | |
| http.headers.Proxy-Authenticate 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Range 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Range.cors_safe | Chrome | 3/1/2022 | Firefox | 8/29/2023 | 546 | |
| http.headers.Referer 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Referer.length_limit_4096B | Chrome | 9/10/2019 | Firefox | 10/22/2019 | 42 | |
| http.headers.Referrer-Policy 📋 | Firefox | 11/15/2016 | Chrome | 1/25/2017 | 71 | |
| http.headers.Referrer-Policy.default_strict-origin-when-cross-origin | Chrome | 8/25/2020 | Firefox | 3/23/2021 | 210 | |
| http.headers.Referrer-Policy.same-origin | Firefox | 3/7/2017 | Chrome | 9/5/2017 | 182 | |
| http.headers.Referrer-Policy.strict-origin | Firefox | 3/7/2017 | Chrome | 9/5/2017 | 182 | |
| http.headers.Referrer-Policy.strict-origin-when-cross-origin | Firefox | 3/7/2017 | Chrome | 9/5/2017 | 182 | |
| http.headers.Refresh 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | Firefox: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)Firefox for Android: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted) |
| http.headers.Report-To | Chrome | 10/16/2018 | Firefox | 9/3/2024 | 2149 | |
| http.headers.Reporting-Endpoints 📋 | Chrome | 11/15/2021 | Firefox | 9/3/2024 | 1023 | |
| http.headers.Sec-Fetch-Dest 📋 | Chrome | 2/4/2020 | Firefox | 7/13/2021 | 525 | |
| http.headers.Sec-Fetch-Mode 📋 | Chrome | 7/30/2019 | Firefox | 7/13/2021 | 714 | |
| http.headers.Sec-Fetch-Site 📋 | Chrome | 7/30/2019 | Firefox | 7/13/2021 | 714 | |
| http.headers.Sec-Fetch-Storage-Access 📋 | Chrome | 2/4/2025 | Firefox | 1/13/2026 | 343 | |
| http.headers.Sec-Fetch-User 📋 | Chrome | 7/30/2019 | Firefox | 7/13/2021 | 714 | |
| http.headers.Sec-Purpose 📋 | Chrome | 2/7/2023 | Firefox | 7/4/2023 | 147 | |
| http.headers.Sec-WebSocket-Accept 📋 | Chrome | 12/13/2011 | Firefox | 3/13/2012 | 91 | |
| http.headers.Sec-WebSocket-Extensions 📋 | Chrome | 12/13/2011 | Firefox | 3/13/2012 | 91 | |
| http.headers.Sec-WebSocket-Key 📋 | Chrome | 12/13/2011 | Firefox | 3/13/2012 | 91 | |
| http.headers.Sec-WebSocket-Protocol 📋 | Chrome | 12/13/2011 | Firefox | 3/13/2012 | 91 | |
| http.headers.Sec-WebSocket-Version 📋 | Chrome | 12/13/2011 | Firefox | 3/13/2012 | 91 | |
| http.headers.Server 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Server-Timing 📋 | Chrome | 3/6/2018 | Firefox | 6/26/2018 | 112 | |
| http.headers.Service-Worker 📋 | Chrome | 10/7/2014 | Firefox | 1/26/2016 | 476 | |
| http.headers.Service-Worker-Allowed 📋 | Chrome | 4/14/2015 | Firefox | 8/11/2015 | 119 | |
| http.headers.Set-Cookie 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149. |
| http.headers.Set-Cookie.HttpOnly | Firefox | 6/17/2008 | Chrome | 12/11/2008 | 177 | |
| http.headers.Set-Cookie.Max-Age | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Set-Cookie.Partitioned 📋 | Chrome | 5/30/2023 | Firefox | 7/22/2025 | 784 | |
| http.headers.Set-Cookie.SameSite 📋 | Chrome | 5/25/2016 | Firefox | 5/9/2018 | 714 | Safari: Safari 13 on macOS 10.14 (Mojave), treats SameSite=None and invalid values as Strict. This is fixed in version 10.15 (Catalina) and later.Safari: Treats SameSite=None and invalid values as Strict in macOS before 10.15 Catalina. See bug 198181.Safari on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.WebView on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181. |
| http.headers.Set-Cookie.SameSite.Lax | Chrome | 5/25/2016 | Firefox | 5/9/2018 | 714 | |
| http.headers.Set-Cookie.SameSite.Lax_default | Firefox | 9/3/2019 | Chrome | 2/4/2020 | 154 | |
| http.headers.Set-Cookie.SameSite.None | Firefox | 5/9/2018 | Chrome | 5/29/2018 | 20 | Chrome: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Chrome Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Quest Browser: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Safari: Not supported before macOS version 10.15 (Catalina).Samsung Internet: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.WebView Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients. |
| http.headers.Set-Cookie.SameSite.Strict | Chrome | 5/25/2016 | Firefox | 5/9/2018 | 714 | |
| http.headers.Set-Cookie.SameSite.none_requires_secure | Chrome | 2/4/2020 | Firefox | 10/1/2024 | 1701 | |
| http.headers.Set-Cookie.SameSite.schemeful | Firefox | 7/28/2020 | Chrome | 5/25/2021 | 301 | |
| http.headers.Set-Cookie.host_secure_prefixes | Chrome | 3/2/2016 | Firefox | 11/15/2016 | 258 | |
| http.headers.Set-Cookie.http_host-http_prefixes | Chrome | 9/2/2025 | Firefox | 9/16/2025 | 14 | Firefox: __Host-Http- is supported under its original name __HostHttp-. See bug 1982555.Firefox for Android: __Host-Http- is supported under its original name __HostHttp-. See bug 1982555. |
| http.headers.Set-Login 📋 | Chrome | 12/5/2023 | Firefox | 4/29/2025 | 511 | |
| http.headers.SourceMap 📋 | Chrome | 3/28/2012 | Firefox | 8/8/2017 | 1959 | Chrome: Not supported for ECMAScript Modules ( <script type="module">). See bug 40854862.Chrome Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Edge: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Quest Browser: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Samsung Internet: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.WebView Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862. |
| http.headers.Strict-Transport-Security 📋 | Chrome | 1/25/2010 | Firefox | 3/22/2011 | 421 | |
| http.headers.TE 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Timing-Allow-Origin 📋 | Firefox | 3/8/2016 | Chrome | 10/12/2016 | 218 | |
| http.headers.Transfer-Encoding 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Upgrade 📋 | Chrome | 5/25/2010 | Firefox | 8/16/2011 | 448 | |
| http.headers.Upgrade-Insecure-Requests 📋 | Chrome | 7/21/2015 | Firefox | 8/2/2016 | 378 | |
| http.headers.User-Agent 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Vary 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Via 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.WWW-Authenticate 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.WWW-Authenticate.Basic 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.WWW-Authenticate.Digest 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.WWW-Authenticate.Digest.SHA-256 | Firefox | 10/5/2021 | Chrome | 9/12/2023 | 707 | |
| http.headers.WWW-Authenticate.Digest.md5 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.WWW-Authenticate.NTLM | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.WWW-Authenticate.Negotiate 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.Warning 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.headers.X-Content-Type-Options 📋 | Firefox | 11/15/2016 | Chrome | 1/23/2018 | 434 | Chrome: Not supported for stylesheets.Chrome Android: Not supported for stylesheets.Opera: Not supported for stylesheets.Opera Android: Not supported for stylesheets.Samsung Internet: Not supported for stylesheets.WebView Android: Not supported for stylesheets. |
| http.headers.X-DNS-Prefetch-Control | Firefox | 10/24/2006 | Chrome | 12/11/2008 | 779 | |
| http.headers.X-Frame-Options 📋 | Chrome | 1/25/2010 | Firefox | 3/22/2011 | 421 | |
| http.headers.X-Frame-Options.SAMEORIGIN | Chrome | 1/25/2010 | Firefox | 3/22/2011 | 421 | Chrome: Starting in Chrome 61, this applies to all of a frame's ancestors.Chrome Android: Starting in Chrome Android 61, this applies to all of a frame's ancestors.Firefox: Starting in Firefox 59, this applies to all of a frame's ancestors.Firefox for Android: Starting in Firefox for Android 59, this applies to all of a frame's ancestors.Quest Browser: Starting in Quest Browser 5.0, this applies to all of a frame's ancestors.Opera: Starting in Opera 48, this applies to all of a frame's ancestors.Opera Android: Starting in Opera Android 45, this applies to all of a frame's ancestors.Samsung Internet: Starting in Samsung Internet 8.0, this applies to all of a frame's ancestors.WebView Android: Starting in WebView Android 61, this applies to all of a frame's ancestors. |
| http.methods.CONNECT 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.methods.DELETE 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.methods.GET 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.methods.HEAD 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.methods.OPTIONS 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.methods.POST 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.methods.PUT 📋 | Firefox | 11/9/2004 | Chrome | 12/11/2008 | 1493 | |
| http.mixed-content 📋 | Firefox | 8/6/2013 | Chrome | 12/10/2019 | 2317 | |
| http.mixed-content.allow_file_urls 📋 | Firefox | 8/6/2013 | Chrome | 12/10/2019 | 2317 | |
| http.mixed-content.allow_localhost_url 📋 | Chrome | 12/10/2019 | Firefox | 12/15/2020 | 371 | |
| http.mixed-content.allow_loopback_url 📋 | Firefox | 8/8/2017 | Chrome | 12/10/2019 | 854 | |
| http.mixed-content.auto_upgrade_images 📋 | Chrome | 10/20/2020 | Firefox | 6/11/2024 | 1330 | Firefox: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox: Set security.mixed_content.block_display_content preference to true to block all mixed content.Firefox for Android: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox for Android: Set security.mixed_content.block_display_content preference to true to block all mixed content. |
| http.mixed-content.auto_upgrade_video_audio 📋 | Chrome | 2/4/2020 | Firefox | 6/11/2024 | 1589 | Firefox: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox: Set security.mixed_content.block_display_content preference to true to block all mixed content.Firefox for Android: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox for Android: Set security.mixed_content.block_display_content preference to true to block all mixed content. |
| http.mixed-content.block_mixed_downloads 📋 | Firefox | 7/13/2021 | Chrome | 7/20/2021 | 7 | |
| http.mixed-content.blockable_mixed_content 📋 | Firefox | 8/6/2013 | Chrome | 12/10/2019 | 2317 | Chrome: From version 79 blocks iframes, scripts, and stylesheets.Chrome Android: From version 79 blocks iframes, scripts, and stylesheets.Edge: From version 79 blocks iframes, scripts, and stylesheets.Quest Browser: From version 8.0 blocks iframes, scripts, and stylesheets.Opera: From version 66 blocks iframes, scripts, and stylesheets.Opera Android: From version 57 blocks iframes, scripts, and stylesheets.Samsung Internet: From version 12.0 blocks iframes, scripts, and stylesheets.WebView Android: From version 79 blocks iframes, scripts, and stylesheets. |
| http.status.103 📋 | Chrome | 6/21/2022 | Firefox | 11/21/2023 | 518 | Chrome: Supported in HTTP/2 and later only.Chrome Android: Supported in HTTP/2 and later only.Edge: Supported in HTTP/2 and later only.Quest Browser: Supported in HTTP/2 and later only.Opera: Supported in HTTP/2 and later only.Opera Android: Supported in HTTP/2 and later only.Safari: Supported in HTTP/2 and later only.Safari on iOS: Supported in HTTP/2 and later only.Samsung Internet: Supported in HTTP/2 and later only.WebView Android: Supported in HTTP/2 and later only.WebView on iOS: Supported in HTTP/2 and later only. |
| http.status.103.preconnect | Chrome | 6/21/2022 | Firefox | 11/21/2023 | 518 | |
| http.status.103.preload | Chrome | 6/21/2022 | Firefox | 2/20/2024 | 609 | |
| http.status.308 📋 | Firefox | 7/17/2012 | Chrome | 7/16/2014 | 729 | Internet Explorer: Does not work below Windows 10. |