All APIs

For a given set of browsers what is the API status

Example Comparisons
Browsers
Features

Summary

All APIs

Below is a list of features that are in all filtered by Chrome and Chrome Android

Raw Data

API Category Notes
http.data-url 📋HTTP
Edge: Before Edge 79, the maximum size supported is 4GB.Internet Explorer: Since Internet Explorer 9, the maximum size supported is 4GB.Internet Explorer: In Internet Explorer 8, the maximum size supported is 32kB.
http.data-url.css_files HTTP
http.data-url.html_files HTTP
http.data-url.js_files HTTP
http.data-url.top_level_navigation_blocked HTTP
http.headers.Accept 📋HTTP
Firefox: In Firefox 66, the default Accept header value changed to */*.Firefox for Android: In Firefox for Android 66, the default Accept header value changed to */*.
http.headers.Accept-CH 📋HTTP
http.headers.Accept-CH.Content-DPR HTTP
http.headers.Accept-CH.DPR HTTP
http.headers.Accept-CH.Device-Memory HTTP
http.headers.Accept-CH.Sec-CH-DPR 📋HTTP
http.headers.Accept-CH.Sec-CH-Device-Memory 📋HTTP
http.headers.Accept-CH.Sec-CH-UA HTTP
http.headers.Accept-CH.Sec-CH-UA-Arch HTTP
http.headers.Accept-CH.Sec-CH-UA-Full-Version HTTP
http.headers.Accept-CH.Sec-CH-UA-Mobile HTTP
http.headers.Accept-CH.Sec-CH-UA-Model HTTP
http.headers.Accept-CH.Sec-CH-UA-Platform HTTP
http.headers.Accept-CH.Sec-CH-UA-Platform-Version HTTP
http.headers.Accept-CH.Sec-CH-Viewport-Height 📋HTTP
http.headers.Accept-CH.Sec-CH-Viewport-Width 📋HTTP
http.headers.Accept-CH.Sec-CH-Width 📋HTTP
http.headers.Accept-CH.Viewport-Width HTTP
http.headers.Accept-CH.Width HTTP
http.headers.Accept-Encoding 📋HTTP
http.headers.Accept-Encoding.br 📋HTTP
Safari: Unsupported before macOS 10.13 High Sierra.
http.headers.Accept-Encoding.dcb HTTP
http.headers.Accept-Encoding.dcz HTTP
http.headers.Accept-Encoding.zstd 📋HTTP
Safari: Before macOS 26.3 Tahoe, this header value is not sent.
http.headers.Accept-Language 📋HTTP
http.headers.Accept-Ranges 📋HTTP
http.headers.Access-Control-Allow-Credentials 📋HTTP
http.headers.Access-Control-Allow-Headers 📋HTTP
http.headers.Access-Control-Allow-Headers.authorization_not_covered_by_wildcard HTTP
http.headers.Access-Control-Allow-Headers.wildcard HTTP
http.headers.Access-Control-Allow-Methods 📋HTTP
http.headers.Access-Control-Allow-Methods.wildcard HTTP
http.headers.Access-Control-Allow-Origin 📋HTTP
http.headers.Access-Control-Expose-Headers 📋HTTP
http.headers.Access-Control-Expose-Headers.wildcard HTTP
http.headers.Access-Control-Max-Age 📋HTTP
http.headers.Access-Control-Request-Headers 📋HTTP
http.headers.Access-Control-Request-Method 📋HTTP
http.headers.Activate-Storage-Access 📋HTTP
http.headers.Age 📋HTTP
http.headers.Alt-Svc 📋HTTP
Firefox: Only supports draft-04Firefox for Android: Only supports draft-04
http.headers.Attribution-Reporting-Eligible 📋HTTP
http.headers.Attribution-Reporting-Register-Source 📋HTTP
http.headers.Attribution-Reporting-Register-Trigger 📋HTTP
http.headers.Attribution-Reporting-Support 📋HTTP
http.headers.Authorization 📋HTTP
http.headers.Authorization.Basic 📋HTTP
http.headers.Authorization.Digest 📋HTTP
http.headers.Authorization.Digest.SHA-256 HTTP
http.headers.Authorization.Digest.md5 HTTP
http.headers.Authorization.NTLM HTTP
http.headers.Authorization.Negotiate 📋HTTP
http.headers.Authorization.authorization_removed_cross_origin 📋HTTP
http.headers.Available-Dictionary 📋HTTP
http.headers.Cache-Control 📋HTTP
http.headers.Cache-Control.immutable HTTP
http.headers.Cache-Control.stale-while-revalidate 📋HTTP
http.headers.Clear-Site-Data 📋HTTP
http.headers.Clear-Site-Data.cache 📋HTTP
Chrome: Setting this value may increase response duration (see bug 40233601.Chrome: Setting this value may prevent a page from fully load (see bug 41343050.Chrome Android: Setting this value may increase response duration (see bug 40233601.Chrome Android: Setting this value may prevent a page from fully load (see bug 41343050.Edge: Setting this value may increase response duration (see bug 40233601.Quest Browser: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may prevent a page from fully load (see bug 41343050.Opera Android: Setting this value may increase response duration (see bug 40233601.Opera Android: Setting this value may prevent a page from fully load (see bug 41343050.Samsung Internet: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may prevent a page from fully load (see bug 41343050.
http.headers.Clear-Site-Data.clientHints 📋HTTP
http.headers.Clear-Site-Data.cookies 📋HTTP
http.headers.Clear-Site-Data.executionContexts 📋HTTP
http.headers.Clear-Site-Data.prefetchCache HTTP
http.headers.Clear-Site-Data.prerenderCache HTTP
http.headers.Clear-Site-Data.secure_context_required HTTP
http.headers.Clear-Site-Data.storage 📋HTTP
http.headers.Clear-Site-Data.wildcard 📋HTTP
http.headers.Connection 📋HTTP
http.headers.Content-DPR HTTP
http.headers.Content-Disposition 📋HTTP
Chrome: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Chrome Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Firefox: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Firefox for Android: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Quest Browser: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Safari: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Safari on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Samsung Internet: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.
http.headers.Content-Encoding 📋HTTP
http.headers.Content-Encoding.br 📋HTTP
Safari: Unsupported before macOS 10.13 High Sierra.
http.headers.Content-Encoding.dcb HTTP
http.headers.Content-Encoding.dcz HTTP
http.headers.Content-Encoding.zstd 📋HTTP
Safari: Before macOS 26.3 Tahoe, Safari cannot decode Zstandard responses.
http.headers.Content-Language 📋HTTP
http.headers.Content-Length 📋HTTP
http.headers.Content-Length.cors_response_safelist HTTP
http.headers.Content-Location 📋HTTP
http.headers.Content-Range 📋HTTP
http.headers.Content-Security-Policy 📋HTTP
Internet Explorer: Only supporting 'sandbox' directive.
http.headers.Content-Security-Policy.base-uri 📋HTTP
http.headers.Content-Security-Policy.block-all-mixed-content HTTP
Chrome: Will be removed, see bug 40260100.Chrome Android: Will be removed, see bug 40260100.Edge: Will be removed, see bug 40260100.Quest Browser: Will be removed, see bug 40260100.Opera: Will be removed, see bug 40260100.Opera Android: Will be removed, see bug 40260100.Samsung Internet: Will be removed, see bug 40260100.WebView Android: Will be removed, see bug 40260100.
http.headers.Content-Security-Policy.child-src 📋HTTP
http.headers.Content-Security-Policy.connect-src 📋HTTP
Firefox: Before Firefox 50, ping attributes of <a> elements weren't covered by connect-src.
http.headers.Content-Security-Policy.default-src 📋HTTP
http.headers.Content-Security-Policy.fenced-frame-src 📋HTTP
http.headers.Content-Security-Policy.font-src 📋HTTP
http.headers.Content-Security-Policy.form-action 📋HTTP
http.headers.Content-Security-Policy.form-action.blocks_redirects HTTP
http.headers.Content-Security-Policy.frame-ancestors 📋HTTP
Firefox: Before Firefox 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.Firefox for Android: Before Firefox for Android 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.
http.headers.Content-Security-Policy.frame-src 📋HTTP
http.headers.Content-Security-Policy.img-src 📋HTTP
http.headers.Content-Security-Policy.manifest-src 📋HTTP
http.headers.Content-Security-Policy.media-src 📋HTTP
http.headers.Content-Security-Policy.meta-element-support HTTP
http.headers.Content-Security-Policy.object-src 📋HTTP
http.headers.Content-Security-Policy.prefetch-src HTTP
http.headers.Content-Security-Policy.report-sample HTTP
http.headers.Content-Security-Policy.report-to 📋HTTP
http.headers.Content-Security-Policy.report-uri 📋HTTP
http.headers.Content-Security-Policy.require-trusted-types-for 📋HTTP
http.headers.Content-Security-Policy.sandbox 📋HTTP
http.headers.Content-Security-Policy.script-src 📋HTTP
http.headers.Content-Security-Policy.script-src.external_scripts 📋HTTP
http.headers.Content-Security-Policy.script-src.inline-speculation-rules HTTP
http.headers.Content-Security-Policy.script-src.trusted-types-eval 📋HTTP
http.headers.Content-Security-Policy.script-src.wasm-unsafe-eval HTTP
http.headers.Content-Security-Policy.script-src-attr 📋HTTP
http.headers.Content-Security-Policy.script-src-elem 📋HTTP
http.headers.Content-Security-Policy.strict-dynamic HTTP
http.headers.Content-Security-Policy.style-src 📋HTTP
http.headers.Content-Security-Policy.style-src-attr 📋HTTP
http.headers.Content-Security-Policy.style-src-elem 📋HTTP
Safari: The style-src-elem directive was parsed, but had no effect. See bug 276931.Safari on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.WebView on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.
http.headers.Content-Security-Policy.trusted-types 📋HTTP
http.headers.Content-Security-Policy.unsafe-hashes HTTP
http.headers.Content-Security-Policy.upgrade-insecure-requests 📋HTTP
http.headers.Content-Security-Policy.worker-src 📋HTTP
Chrome: Chrome 59 and higher skips the deprecated child-src directive.Chrome Android: Chrome Android 59 and higher skips the deprecated child-src directive.Quest Browser: Quest Browser 5.0 and higher skips the deprecated child-src directive.Opera: Opera 46 and higher skips the deprecated child-src directive.Opera Android: Opera Android 43 and higher skips the deprecated child-src directive.WebView Android: WebView Android 59 and higher skips the deprecated child-src directive.
http.headers.Content-Security-Policy.worker_support HTTP
http.headers.Content-Security-Policy-Report-Only 📋HTTP
http.headers.Content-Type 📋HTTP
http.headers.Cookie 📋HTTP
Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.
http.headers.Critical-CH 📋HTTP
http.headers.Cross-Origin-Embedder-Policy 📋HTTP
http.headers.Cross-Origin-Embedder-Policy.credentialless 📋HTTP
http.headers.Cross-Origin-Embedder-Policy.report-to_parameter 📋HTTP
http.headers.Cross-Origin-Opener-Policy 📋HTTP
http.headers.Cross-Origin-Opener-Policy.noopener-allow-popups 📋HTTP
http.headers.Cross-Origin-Opener-Policy.report-to_parameter 📋HTTP
http.headers.Cross-Origin-Resource-Policy 📋HTTP
Chrome: Until version 75, downloads for files with this header would fail in Chrome. See bug 41452948.Chrome: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Chrome Android: Until version 75, downloads for files with this header would fail in Chrome Android. See bug 41452948.Chrome Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Quest Browser: Until version 7.0, downloads for files with this header would fail in Quest Browser. See bug 41452948.Quest Browser: From version 9.0 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 12.0, partial PDF loading is disabled.Opera: Until version 62, downloads for files with this header would fail in Opera. See bug 41452948.Opera: From version 67 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 72, partial PDF loading is disabled.Opera Android: Until version 54, downloads for files with this header would fail in Opera Android. See bug 41452948.Opera Android: From version 57 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 61, partial PDF loading is disabled.WebView Android: Until version 75, downloads for files with this header would fail in WebView Android. See bug 41452948.WebView Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.
http.headers.DNT HTTP
http.headers.DPR HTTP
http.headers.Date 📋HTTP
http.headers.Device-Memory HTTP
Chrome: From Chrome 147, reported values are 2, 4, 8, 16, and 32.Chrome: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Chrome Android: From Chrome 147, reported values are 1, 2, 4, and 8.Chrome Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Edge: From Edge 147, reported values are 2, 4, 8, 16, and 32.Edge: Before Edge 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Quest Browser: From Chrome 147, reported values are 1, 2, 4, and 8.Quest Browser: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Opera: From Opera false, reported values are 2, 4, 8, 16, and 32.Opera: Before Opera false, reported values were 0.25, 0.5, 1, 2, 4, and 8.Opera Android: From Chrome 147, reported values are 1, 2, 4, and 8.Opera Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Samsung Internet: From Chrome 147, reported values are 1, 2, 4, and 8.Samsung Internet: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.WebView Android: From Chrome 147, reported values are 1, 2, 4, and 8.WebView Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.
http.headers.Dictionary-ID 📋HTTP
http.headers.Downlink 📋HTTP
Chrome: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.Chrome Android: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.Edge: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.Quest Browser: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.Opera: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.Opera Android: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.Samsung Internet: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.WebView Android: The value is never greater than 10 Mbps, as a non-standard anti-fingerprinting measure.
http.headers.ECT 📋HTTP
http.headers.ETag 📋HTTP
http.headers.Early-Data 📋HTTP
http.headers.Expect-CT 📋HTTP
Chrome: Before later builds of Chrome 64, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.Chrome Android: Before later builds of Chrome Android 64, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.Edge: Before later builds of Edge 79, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.Quest Browser: Before later builds of Quest Browser 5.0, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.Opera: Before later builds of Opera 51, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.Opera Android: Before later builds of Opera Android 47, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.Samsung Internet: Before later builds of Samsung Internet 9.0, invalid Expect-CT reports would be sent. Newer versions do not send reports after 10 weeks from the build date. See bug 41356303.
http.headers.Expires 📋HTTP
http.headers.Feature-Policy HTTP
http.headers.Feature-Policy.accelerometer 📋HTTP
http.headers.Feature-Policy.ambient-light-sensor 📋HTTP
http.headers.Feature-Policy.attribution-reporting 📋HTTP
http.headers.Feature-Policy.autoplay 📋HTTP
http.headers.Feature-Policy.bluetooth 📋HTTP
http.headers.Feature-Policy.browsing-topics HTTP
http.headers.Feature-Policy.camera 📋HTTP
http.headers.Feature-Policy.compute-pressure 📋HTTP
http.headers.Feature-Policy.cross-origin-isolated 📋HTTP
http.headers.Feature-Policy.deferred-fetch 📋HTTP
http.headers.Feature-Policy.deferred-fetch-minimal 📋HTTP
http.headers.Feature-Policy.display-capture 📋HTTP
http.headers.Feature-Policy.document-domain 📋HTTP
http.headers.Feature-Policy.encrypted-media 📋HTTP
http.headers.Feature-Policy.fullscreen 📋HTTP
http.headers.Feature-Policy.geolocation 📋HTTP
http.headers.Feature-Policy.gyroscope 📋HTTP
http.headers.Feature-Policy.hid 📋HTTP
http.headers.Feature-Policy.identity-credentials-get 📋HTTP
http.headers.Feature-Policy.idle-detection 📋HTTP
http.headers.Feature-Policy.local-fonts 📋HTTP
http.headers.Feature-Policy.magnetometer 📋HTTP
http.headers.Feature-Policy.microphone 📋HTTP
http.headers.Feature-Policy.midi 📋HTTP
http.headers.Feature-Policy.otp-credentials 📋HTTP
http.headers.Feature-Policy.payment 📋HTTP
http.headers.Feature-Policy.picture-in-picture 📋HTTP
http.headers.Feature-Policy.publickey-credentials-create 📋HTTP
http.headers.Feature-Policy.publickey-credentials-get 📋HTTP
http.headers.Feature-Policy.screen-wake-lock 📋HTTP
http.headers.Feature-Policy.serial 📋HTTP
http.headers.Feature-Policy.storage-access 📋HTTP
http.headers.Feature-Policy.usb 📋HTTP
http.headers.Feature-Policy.web-share 📋HTTP
http.headers.Feature-Policy.wildcards HTTP
http.headers.Feature-Policy.window-management 📋HTTP
http.headers.Feature-Policy.xr-spatial-tracking 📋HTTP
http.headers.From 📋HTTP
http.headers.Host 📋HTTP
http.headers.Idempotency-Key 📋HTTP
Firefox: Automatically adds a unique 64-bit key for POST requests when needed, if not set in JavaScript.
http.headers.If-Match 📋HTTP
http.headers.If-Modified-Since 📋HTTP
http.headers.If-None-Match 📋HTTP
http.headers.If-Range 📋HTTP
http.headers.If-Unmodified-Since 📋HTTP
http.headers.Integrity-Policy 📋HTTP
Firefox: Reporting endpoints are ignored (violations are logged to console).Firefox for Android: Reporting endpoints are ignored (violations are logged to console).
http.headers.Integrity-Policy.blocked-destinations_script 📋HTTP
http.headers.Integrity-Policy.blocked-destinations_style 📋HTTP
http.headers.Integrity-Policy-Report-Only 📋HTTP
Firefox: Reporting endpoints are ignored (violations are logged to console).Firefox for Android: Reporting endpoints are ignored (violations are logged to console).
http.headers.Integrity-Policy-Report-Only.blocked-destinations_script 📋HTTP
http.headers.Integrity-Policy-Report-Only.blocked-destinations_style 📋HTTP
http.headers.Keep-Alive 📋HTTP
http.headers.Last-Modified 📋HTTP
http.headers.Link 📋HTTP
http.headers.Link.fetchpriority 📋HTTP
http.headers.Location 📋HTTP
http.headers.NEL 📋HTTP
http.headers.No-Vary-Search 📋HTTP
Chrome: Before Chrome 127, speculation rules are only supported for navigational prefetch, not prerender.Chrome: Before Chrome 141, HTTP cache is not supported.Chrome Android: Before Chrome Android 127, speculation rules are only supported for navigational prefetch, not prerender.Chrome Android: Before Chrome Android 141, HTTP cache is not supported.Edge: Before Edge 127, speculation rules are only supported for navigational prefetch, not prerender.Edge: Before Edge 141, HTTP cache is not supported.Opera: Before Opera 113, speculation rules are only supported for navigational prefetch, not prerender.Opera: Before Opera 125, HTTP cache is not supported.Opera Android: Before Opera Android 84, speculation rules are only supported for navigational prefetch, not prerender.Opera Android: Before Opera Android 93, HTTP cache is not supported.Samsung Internet: Before Samsung Internet 28.0, speculation rules are only supported for navigational prefetch, not prerender.Samsung Internet: Before Samsung Internet false, HTTP cache is not supported.WebView Android: Before WebView Android 127, speculation rules are only supported for navigational prefetch, not prerender.WebView Android: Before WebView Android 141, HTTP cache is not supported.
http.headers.No-Vary-Search.http_cache 📋HTTP
http.headers.No-Vary-Search.speculation_rules_prefetch 📋HTTP
http.headers.No-Vary-Search.speculation_rules_prerender 📋HTTP
http.headers.Observe-Browsing-Topics HTTP
http.headers.Origin 📋HTTP
Edge: Not sent with POST requestsFirefox: Not sent with POST requests, see bug 446344.Firefox for Android: Not sent with POST requests, see bug 446344.
http.headers.Origin-Agent-Cluster 📋HTTP
http.headers.Permissions-Policy 📋HTTP
http.headers.Permissions-Policy.accelerometer 📋HTTP
http.headers.Permissions-Policy.ambient-light-sensor 📋HTTP
http.headers.Permissions-Policy.aria-notify HTTP
Chrome: Not supported on ChromeOS.Chrome Android: Not supported on ChromeOS.Edge: Not supported on ChromeOS.Opera: Not supported on ChromeOS.Opera Android: Not supported on ChromeOS.WebView Android: Not supported on ChromeOS.
http.headers.Permissions-Policy.attribution-reporting 📋HTTP
http.headers.Permissions-Policy.autoplay 📋HTTP
http.headers.Permissions-Policy.bluetooth 📋HTTP
http.headers.Permissions-Policy.browsing-topics HTTP
http.headers.Permissions-Policy.camera 📋HTTP
http.headers.Permissions-Policy.captured-surface-control 📋HTTP
http.headers.Permissions-Policy.ch-ua-high-entropy-values 📋HTTP
http.headers.Permissions-Policy.compute-pressure 📋HTTP
http.headers.Permissions-Policy.cross-origin-isolated 📋HTTP
http.headers.Permissions-Policy.deferred-fetch 📋HTTP
http.headers.Permissions-Policy.deferred-fetch-minimal 📋HTTP
http.headers.Permissions-Policy.display-capture 📋HTTP
http.headers.Permissions-Policy.encrypted-media 📋HTTP
http.headers.Permissions-Policy.fullscreen 📋HTTP
http.headers.Permissions-Policy.gamepad 📋HTTP
http.headers.Permissions-Policy.geolocation 📋HTTP
http.headers.Permissions-Policy.gyroscope 📋HTTP
http.headers.Permissions-Policy.hid 📋HTTP
http.headers.Permissions-Policy.identity-credentials-get 📋HTTP
http.headers.Permissions-Policy.idle-detection 📋HTTP
http.headers.Permissions-Policy.local-fonts 📋HTTP
http.headers.Permissions-Policy.magnetometer 📋HTTP
http.headers.Permissions-Policy.microphone 📋HTTP
http.headers.Permissions-Policy.midi 📋HTTP
http.headers.Permissions-Policy.on-device-speech-recognition 📋HTTP
http.headers.Permissions-Policy.otp-credentials 📋HTTP
http.headers.Permissions-Policy.payment 📋HTTP
http.headers.Permissions-Policy.picture-in-picture 📋HTTP
http.headers.Permissions-Policy.private-state-token-issuance 📋HTTP
http.headers.Permissions-Policy.private-state-token-redemption 📋HTTP
http.headers.Permissions-Policy.publickey-credentials-create 📋HTTP
http.headers.Permissions-Policy.publickey-credentials-get 📋HTTP
http.headers.Permissions-Policy.screen-wake-lock 📋HTTP
http.headers.Permissions-Policy.serial 📋HTTP
http.headers.Permissions-Policy.storage-access 📋HTTP
http.headers.Permissions-Policy.summarizer 📋HTTP
http.headers.Permissions-Policy.usb 📋HTTP
http.headers.Permissions-Policy.web-share 📋HTTP
http.headers.Permissions-Policy.wildcards HTTP
http.headers.Permissions-Policy.window-management 📋HTTP
http.headers.Permissions-Policy.xr-spatial-tracking 📋HTTP
http.headers.Pragma 📋HTTP
http.headers.Priority 📋HTTP
http.headers.Proxy-Authenticate 📋HTTP
http.headers.RTT 📋HTTP
Chrome: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.Chrome Android: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.Edge: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.Quest Browser: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.Opera: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.Opera Android: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.Samsung Internet: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.WebView Android: The value is never greater than 3000 ms, as a non-standard anti-fingerprinting measure.
http.headers.Range 📋HTTP
http.headers.Range.cors_safe HTTP
http.headers.Referer 📋HTTP
http.headers.Referer.length_limit_4096B HTTP
http.headers.Referrer-Policy 📋HTTP
http.headers.Referrer-Policy.default_strict-origin-when-cross-origin HTTP
http.headers.Referrer-Policy.no-referrer-when-downgrade HTTP
http.headers.Referrer-Policy.origin-when-cross-origin HTTP
http.headers.Referrer-Policy.same-origin HTTP
http.headers.Referrer-Policy.strict-origin HTTP
http.headers.Referrer-Policy.strict-origin-when-cross-origin HTTP
http.headers.Referrer-Policy.unsafe-url HTTP
http.headers.Refresh 📋HTTP
Firefox: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)Firefox for Android: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)
http.headers.Report-To HTTP
http.headers.Reporting-Endpoints 📋HTTP
http.headers.Retry-After 📋HTTP
http.headers.Save-Data 📋HTTP
http.headers.Sec-Browsing-Topics HTTP
http.headers.Sec-CH-DPR 📋HTTP
http.headers.Sec-CH-Device-Memory 📋HTTP
Chrome: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Chrome: From Chrome 147, reported values are 2, 4, 8, 16, and 32.Chrome: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Chrome: From Chrome 147, reported values are 2, 4, 8, 16, and 32.Chrome Android: From Chrome 147, reported values are 1, 2, 4, and 8.Chrome Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Chrome Android: From Chrome 147, reported values are 1, 2, 4, and 8.Chrome Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Edge: Before Edge 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Edge: From Edge 147, reported values are 2, 4, 8, 16, and 32.Edge: Before Edge 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Edge: From Edge 147, reported values are 2, 4, 8, 16, and 32.Quest Browser: From Chrome 147, reported values are 1, 2, 4, and 8.Quest Browser: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Quest Browser: From Chrome 147, reported values are 1, 2, 4, and 8.Quest Browser: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Opera: Before Opera false, reported values were 0.25, 0.5, 1, 2, 4, and 8.Opera: From Opera false, reported values are 2, 4, 8, 16, and 32.Opera: Before Opera false, reported values were 0.25, 0.5, 1, 2, 4, and 8.Opera: From Opera false, reported values are 2, 4, 8, 16, and 32.Opera Android: From Chrome 147, reported values are 1, 2, 4, and 8.Opera Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Opera Android: From Chrome 147, reported values are 1, 2, 4, and 8.Opera Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Samsung Internet: From Chrome 147, reported values are 1, 2, 4, and 8.Samsung Internet: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.Samsung Internet: From Chrome 147, reported values are 1, 2, 4, and 8.Samsung Internet: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.WebView Android: From Chrome 147, reported values are 1, 2, 4, and 8.WebView Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.WebView Android: From Chrome 147, reported values are 1, 2, 4, and 8.WebView Android: Before Chrome 147, reported values were 0.25, 0.5, 1, 2, 4, and 8.
http.headers.Sec-CH-Prefers-Color-Scheme 📋HTTP
http.headers.Sec-CH-Prefers-Reduced-Motion 📋HTTP
http.headers.Sec-CH-Prefers-Reduced-Transparency 📋HTTP
http.headers.Sec-CH-UA 📋HTTP
http.headers.Sec-CH-UA-Arch 📋HTTP
http.headers.Sec-CH-UA-Bitness 📋HTTP
http.headers.Sec-CH-UA-Form-Factors 📋HTTP
http.headers.Sec-CH-UA-Full-Version 📋HTTP
http.headers.Sec-CH-UA-Full-Version-List 📋HTTP
http.headers.Sec-CH-UA-Mobile 📋HTTP
http.headers.Sec-CH-UA-Model 📋HTTP
http.headers.Sec-CH-UA-Platform 📋HTTP
http.headers.Sec-CH-UA-Platform-Version 📋HTTP
http.headers.Sec-CH-UA-WoW64 📋HTTP
http.headers.Sec-CH-Viewport-Height 📋HTTP
http.headers.Sec-CH-Viewport-Width 📋HTTP
http.headers.Sec-CH-Width 📋HTTP
http.headers.Sec-Fetch-Dest 📋HTTP
http.headers.Sec-Fetch-Dest.fencedframe HTTP
http.headers.Sec-Fetch-Mode 📋HTTP
http.headers.Sec-Fetch-Site 📋HTTP
http.headers.Sec-Fetch-Storage-Access 📋HTTP
http.headers.Sec-Fetch-User 📋HTTP
http.headers.Sec-GPC 📋HTTP
Firefox: Opt-in to GPC using the Website Privacy Preference setting (about:preferences#privacy) checkbox 'Tell websites not to sell or share my data', or by setting the preference privacy.globalprivacycontrol.enabled to true.Firefox for Android: Opt-in to GPC using the Enhanced Tracking Protection toggle 'Tell web sites not to share & sell data', or by setting the preference privacy.globalprivacycontrol.enabled to true.
http.headers.Sec-Private-State-Token 📋HTTP
http.headers.Sec-Private-State-Token-Crypto-Version 📋HTTP
http.headers.Sec-Private-State-Token-Lifetime 📋HTTP
http.headers.Sec-Purpose 📋HTTP
http.headers.Sec-Purpose.prefetch HTTP
Chrome: Doesn't support Sec-Purpose for <link rel="prefetch">. In Chrome, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.Chrome Android: Doesn't support Sec-Purpose for <link rel="prefetch">. In Chrome Android, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.Edge: Doesn't support Sec-Purpose for <link rel="prefetch">. In Edge, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.Firefox: Sec-Purpose: prefetch replaces the non-standard X-moz: prefetch header that was used to indicate a link prefetch request in earlier versions.Firefox: Prefetch requests should also include the header Accept header string for navigations, but Accept: */* is sent instead.Firefox for Android: Sec-Purpose: prefetch replaces the non-standard X-moz: prefetch header that was used to indicate a link prefetch request in earlier versions.Firefox for Android: Prefetch requests should also include the header Accept header string for navigations, but Accept: */* is sent instead.Quest Browser: Doesn't support Sec-Purpose for <link rel="prefetch">. In Quest Browser, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.Opera: Doesn't support Sec-Purpose for <link rel="prefetch">. In Opera, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.Samsung Internet: Doesn't support Sec-Purpose for <link rel="prefetch">. In Samsung Internet, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.WebView Android: Doesn't support Sec-Purpose for <link rel="prefetch">. In WebView Android, the legacy Purpose: prefetch header is used to indicate a link request is a prefetch. See bug 40236973.
http.headers.Sec-Purpose.speculationrules HTTP
http.headers.Sec-Redemption-Record 📋HTTP
http.headers.Sec-Speculation-Tags 📋HTTP
http.headers.Sec-WebSocket-Accept 📋HTTP
http.headers.Sec-WebSocket-Extensions 📋HTTP
http.headers.Sec-WebSocket-Key 📋HTTP
http.headers.Sec-WebSocket-Protocol 📋HTTP
http.headers.Sec-WebSocket-Version 📋HTTP
http.headers.Server 📋HTTP
http.headers.Server-Timing 📋HTTP
http.headers.Server-Timing.trailer HTTP
Firefox: Only the Server-Timing header is a recognized trailer, and it is only exposed to DevTools in the network Timing tab (bug 1403051). Developers cannot access trailers via the Fetch API or XHR.Firefox for Android: Only the Server-Timing header is a recognized trailer, and it is only exposed to DevTools in the network Timing tab (bug 1403051). Developers cannot access trailers via the Fetch API or XHR.
http.headers.Service-Worker 📋HTTP
http.headers.Service-Worker-Allowed 📋HTTP
http.headers.Service-Worker-Navigation-Preload 📋HTTP
http.headers.Set-Cookie 📋HTTP
Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.
http.headers.Set-Cookie.HttpOnly HTTP
http.headers.Set-Cookie.Max-Age HTTP
http.headers.Set-Cookie.Partitioned 📋HTTP
http.headers.Set-Cookie.SameSite 📋HTTP
Safari: Safari 13 on macOS 10.14 (Mojave), treats SameSite=None and invalid values as Strict. This is fixed in version 10.15 (Catalina) and later.Safari: Treats SameSite=None and invalid values as Strict in macOS before 10.15 Catalina. See bug 198181.Safari on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.WebView on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.
http.headers.Set-Cookie.SameSite.Lax HTTP
http.headers.Set-Cookie.SameSite.Lax_default HTTP
http.headers.Set-Cookie.SameSite.None HTTP
Chrome: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Chrome Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Quest Browser: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Safari: Not supported before macOS version 10.15 (Catalina).Samsung Internet: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.WebView Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.
http.headers.Set-Cookie.SameSite.Strict HTTP
http.headers.Set-Cookie.SameSite.none_requires_secure HTTP
http.headers.Set-Cookie.SameSite.schemeful HTTP
http.headers.Set-Cookie.host_secure_prefixes HTTP
http.headers.Set-Cookie.http_host-http_prefixes HTTP
Firefox: __Host-Http- is supported under its original name __HostHttp-. See bug 1982555.Firefox for Android: __Host-Http- is supported under its original name __HostHttp-. See bug 1982555.
http.headers.Set-Login 📋HTTP
http.headers.Snapshot-Content-Location HTTP
http.headers.SourceMap 📋HTTP
Chrome: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Chrome Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Edge: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Quest Browser: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Samsung Internet: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.WebView Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.
http.headers.Speculation-Rules 📋HTTP
http.headers.Strict-Transport-Security 📋HTTP
http.headers.Supports-Loading-Mode 📋HTTP
http.headers.Supports-Loading-Mode.credentialed-prerender 📋HTTP
http.headers.Supports-Loading-Mode.fenced-frame 📋HTTP
http.headers.TE 📋HTTP
http.headers.Timing-Allow-Origin 📋HTTP
http.headers.Trailer 📋HTTP
Firefox: Only the Server-Timing header is a recognized trailer, and it is only exposed to DevTools in the network Timing tab (bug 1403051). Developers cannot access trailers via the Fetch API or XHR.Firefox for Android: Only the Server-Timing header is a recognized trailer, and it is only exposed to DevTools in the network Timing tab (bug 1403051). Developers cannot access trailers via the Fetch API or XHR.
http.headers.Transfer-Encoding 📋HTTP
http.headers.Upgrade 📋HTTP
http.headers.Upgrade-Insecure-Requests 📋HTTP
http.headers.Use-As-Dictionary 📋HTTP
http.headers.User-Agent 📋HTTP
http.headers.Vary 📋HTTP
http.headers.Via 📋HTTP
http.headers.Viewport-Width HTTP
http.headers.WWW-Authenticate 📋HTTP
http.headers.WWW-Authenticate.Basic 📋HTTP
http.headers.WWW-Authenticate.Digest 📋HTTP
http.headers.WWW-Authenticate.Digest.SHA-256 HTTP
http.headers.WWW-Authenticate.Digest.md5 HTTP
http.headers.WWW-Authenticate.NTLM HTTP
http.headers.WWW-Authenticate.Negotiate 📋HTTP
http.headers.Warning 📋HTTP
http.headers.Width HTTP
http.headers.X-Content-Type-Options 📋HTTP
Chrome: Not supported for stylesheets.Chrome Android: Not supported for stylesheets.Opera: Not supported for stylesheets.Opera Android: Not supported for stylesheets.Samsung Internet: Not supported for stylesheets.WebView Android: Not supported for stylesheets.
http.headers.X-DNS-Prefetch-Control HTTP
http.headers.X-Frame-Options 📋HTTP
http.headers.X-Frame-Options.SAMEORIGIN HTTP
Chrome: Starting in Chrome 61, this applies to all of a frame's ancestors.Chrome Android: Starting in Chrome Android 61, this applies to all of a frame's ancestors.Firefox: Starting in Firefox 59, this applies to all of a frame's ancestors.Firefox for Android: Starting in Firefox for Android 59, this applies to all of a frame's ancestors.Quest Browser: Starting in Quest Browser 5.0, this applies to all of a frame's ancestors.Opera: Starting in Opera 48, this applies to all of a frame's ancestors.Opera Android: Starting in Opera Android 45, this applies to all of a frame's ancestors.Samsung Internet: Starting in Samsung Internet 8.0, this applies to all of a frame's ancestors.WebView Android: Starting in WebView Android 61, this applies to all of a frame's ancestors.
http.headers.X-XSS-Protection HTTP
http.methods.CONNECT 📋HTTP
http.methods.DELETE 📋HTTP
http.methods.GET 📋HTTP
http.methods.HEAD 📋HTTP
http.methods.OPTIONS 📋HTTP
http.methods.POST 📋HTTP
http.methods.PUT 📋HTTP
http.mixed-content 📋HTTP
http.mixed-content.allow_file_urls 📋HTTP
http.mixed-content.allow_localhost_url 📋HTTP
http.mixed-content.allow_loopback_url 📋HTTP
http.mixed-content.auto_upgrade_images 📋HTTP
Firefox: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox: Set security.mixed_content.block_display_content preference to true to block all mixed content.Firefox for Android: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox for Android: Set security.mixed_content.block_display_content preference to true to block all mixed content.
http.mixed-content.auto_upgrade_video_audio 📋HTTP
Firefox: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox: Set security.mixed_content.block_display_content preference to true to block all mixed content.Firefox for Android: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox for Android: Set security.mixed_content.block_display_content preference to true to block all mixed content.
http.mixed-content.block_mixed_downloads 📋HTTP
http.mixed-content.blockable_mixed_content 📋HTTP
Chrome: From version 79 blocks iframes, scripts, and stylesheets.Chrome Android: From version 79 blocks iframes, scripts, and stylesheets.Edge: From version 79 blocks iframes, scripts, and stylesheets.Quest Browser: From version 8.0 blocks iframes, scripts, and stylesheets.Opera: From version 66 blocks iframes, scripts, and stylesheets.Opera Android: From version 57 blocks iframes, scripts, and stylesheets.Samsung Internet: From version 12.0 blocks iframes, scripts, and stylesheets.WebView Android: From version 79 blocks iframes, scripts, and stylesheets.
http.mixed-content.private_network_access 📋HTTP
http.status.103 📋HTTP
Chrome: Supported in HTTP/2 and later only.Chrome Android: Supported in HTTP/2 and later only.Edge: Supported in HTTP/2 and later only.Quest Browser: Supported in HTTP/2 and later only.Opera: Supported in HTTP/2 and later only.Opera Android: Supported in HTTP/2 and later only.Safari: Supported in HTTP/2 and later only.Safari on iOS: Supported in HTTP/2 and later only.Samsung Internet: Supported in HTTP/2 and later only.WebView Android: Supported in HTTP/2 and later only.WebView on iOS: Supported in HTTP/2 and later only.
http.status.103.preconnect HTTP
http.status.103.preload HTTP
http.status.308 📋HTTP
Internet Explorer: Does not work below Windows 10.
http.status.425 📋HTTP