Now Stable

"New on the Web": For a given set of browsers, what APIs became stable and when, ordered reverse chronologically.

It's a great source of information for posts like this

Example Comparisons
Browsers
Features

Stable APIs

Below is a list of features that are in Chrome and Firefox, ordered reverse chronologically by when they became stable (i.e, available in the last browser).

2026/1

API First Browser Date Last Browser Date Days Notes
http.headers.Activate-Storage-Access πŸ“‹Chrome2/4/2025 Firefox1/13/2026343
http.headers.Sec-Fetch-Storage-Access πŸ“‹Chrome2/4/2025 Firefox1/13/2026343

2025/11

API First Browser Date Last Browser Date Days Notes
http.headers.Integrity-Policy πŸ“‹Chrome6/24/2025 Firefox11/11/2025140
Firefox: Reporting endpoints are ignored (violations are logged to console).Firefox for Android: Reporting endpoints are ignored (violations are logged to console).
http.headers.Integrity-Policy.blocked-destinations_script πŸ“‹Chrome6/24/2025 Firefox11/11/2025140
http.headers.Integrity-Policy-Report-Only πŸ“‹Chrome6/24/2025 Firefox11/11/2025140
Firefox: Reporting endpoints are ignored (violations are logged to console).Firefox for Android: Reporting endpoints are ignored (violations are logged to console).
http.headers.Integrity-Policy-Report-Only.blocked-destinations_script πŸ“‹Chrome6/24/2025 Firefox11/11/2025140

2025/9

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.http_host-http_prefixes Chrome9/2/2025 Firefox9/16/202514
Firefox: __Host-Http- is supported under its original name __HostHttp-. See bug 1982555.Firefox for Android: __Host-Http- is supported under its original name __HostHttp-. See bug 1982555.

2025/7

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.Partitioned πŸ“‹Chrome5/30/2023 Firefox7/22/2025784

2025/4

API First Browser Date Last Browser Date Days Notes
http.headers.Clear-Site-Data.cache πŸ“‹Chrome3/6/2018 Firefox4/29/20252611
Chrome: Setting this value may increase response duration (see bug 40233601.Chrome: Setting this value may prevent a page from fully load (see bug 41343050.Chrome Android: Setting this value may increase response duration (see bug 40233601.Chrome Android: Setting this value may prevent a page from fully load (see bug 41343050.Edge: Setting this value may increase response duration (see bug 40233601.Quest Browser: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may prevent a page from fully load (see bug 41343050.Opera Android: Setting this value may increase response duration (see bug 40233601.Opera Android: Setting this value may prevent a page from fully load (see bug 41343050.Samsung Internet: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may prevent a page from fully load (see bug 41343050.
http.headers.Origin-Agent-Cluster πŸ“‹Chrome4/13/2021 Firefox4/29/20251477
http.headers.Set-Login πŸ“‹Chrome12/5/2023 Firefox4/29/2025511

2024/10

API First Browser Date Last Browser Date Days Notes
http.headers.Link.fetchpriority πŸ“‹Chrome6/21/2022 Firefox10/29/2024861
http.headers.Set-Cookie.SameSite.none_requires_secure Chrome2/4/2020 Firefox10/1/20241701

2024/9

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.report-to πŸ“‹Chrome10/16/2018 Firefox9/3/20242149
http.headers.Report-To Chrome10/16/2018 Firefox9/3/20242149
http.headers.Reporting-Endpoints πŸ“‹Chrome11/15/2021 Firefox9/3/20241023

2024/7

API First Browser Date Last Browser Date Days Notes
http.headers.Priority πŸ“‹Chrome4/16/2024 Firefox7/9/202484

2024/6

API First Browser Date Last Browser Date Days Notes
http.mixed-content.auto_upgrade_images πŸ“‹Chrome10/20/2020 Firefox6/11/20241330
Firefox: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox: Set security.mixed_content.block_display_content preference to true to block all mixed content.Firefox for Android: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox for Android: Set security.mixed_content.block_display_content preference to true to block all mixed content.
http.mixed-content.auto_upgrade_video_audio πŸ“‹Chrome2/4/2020 Firefox6/11/20241589
Firefox: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox: Set security.mixed_content.block_display_content preference to true to block all mixed content.Firefox for Android: Set security.mixed_content.upgrade_display_content preference to true to allow HTTP fetching and display of upgradable content.Firefox for Android: Set security.mixed_content.block_display_content preference to true to block all mixed content.

2024/5

API First Browser Date Last Browser Date Days Notes
http.headers.Accept-Encoding.zstd πŸ“‹Chrome3/19/2024 Firefox5/14/202456
Safari: Before macOS 26.3 Tahoe, this header value is not sent.
http.headers.Content-Encoding.zstd πŸ“‹Chrome3/19/2024 Firefox5/14/202456
Safari: Before macOS 26.3 Tahoe, Safari cannot decode Zstandard responses.

2024/2

API First Browser Date Last Browser Date Days Notes
http.status.103.preload Chrome6/21/2022 Firefox2/20/2024609

2023/11

API First Browser Date Last Browser Date Days Notes
http.headers.Link πŸ“‹Chrome6/21/2022 Firefox11/21/2023518
http.status.103 πŸ“‹Chrome6/21/2022 Firefox11/21/2023518
Chrome: Supported in HTTP/2 and later only.Chrome Android: Supported in HTTP/2 and later only.Edge: Supported in HTTP/2 and later only.Quest Browser: Supported in HTTP/2 and later only.Opera: Supported in HTTP/2 and later only.Opera Android: Supported in HTTP/2 and later only.Safari: Supported in HTTP/2 and later only.Safari on iOS: Supported in HTTP/2 and later only.Samsung Internet: Supported in HTTP/2 and later only.WebView Android: Supported in HTTP/2 and later only.WebView on iOS: Supported in HTTP/2 and later only.
http.status.103.preconnect Chrome6/21/2022 Firefox11/21/2023518

2023/10

API First Browser Date Last Browser Date Days Notes
http.headers.Cross-Origin-Embedder-Policy.credentialless πŸ“‹Chrome11/15/2021 Firefox10/24/2023708

2023/9

API First Browser Date Last Browser Date Days Notes
http.headers.Authorization.Digest.SHA-256 Firefox10/5/2021 Chrome9/12/2023707
http.headers.Clear-Site-Data.wildcard πŸ“‹Firefox10/23/2018 Chrome9/12/20231785
http.headers.WWW-Authenticate.Digest.SHA-256 Firefox10/5/2021 Chrome9/12/2023707

2023/8

API First Browser Date Last Browser Date Days Notes
http.headers.Range.cors_safe Chrome3/1/2022 Firefox8/29/2023546
http.headers.Content-Security-Policy.script-src.external_scripts πŸ“‹Chrome6/5/2017 Firefox8/1/20232248

2023/7

API First Browser Date Last Browser Date Days Notes
http.headers.Sec-Purpose πŸ“‹Chrome2/7/2023 Firefox7/4/2023147

2023/1

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.unsafe-hashes Chrome9/4/2018 Firefox1/17/20231596

2022/12

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.script-src-attr πŸ“‹Chrome6/4/2019 Firefox12/13/20221288
http.headers.Content-Security-Policy.script-src-elem πŸ“‹Chrome6/4/2019 Firefox12/13/20221288
http.headers.Content-Security-Policy.style-src-attr πŸ“‹Chrome6/4/2019 Firefox12/13/20221288
http.headers.Content-Security-Policy.style-src-elem πŸ“‹Chrome6/4/2019 Firefox12/13/20221288
Safari: The style-src-elem directive was parsed, but had no effect. See bug 276931.Safari on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.WebView on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.

2022/6

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.script-src.wasm-unsafe-eval Chrome1/4/2022 Firefox6/28/2022175

2021/7

API First Browser Date Last Browser Date Days Notes
http.mixed-content.block_mixed_downloads πŸ“‹Firefox7/13/2021 Chrome7/20/20217
http.headers.Sec-Fetch-Dest πŸ“‹Chrome2/4/2020 Firefox7/13/2021525
http.headers.Sec-Fetch-Mode πŸ“‹Chrome7/30/2019 Firefox7/13/2021714
http.headers.Sec-Fetch-Site πŸ“‹Chrome7/30/2019 Firefox7/13/2021714
http.headers.Sec-Fetch-User πŸ“‹Chrome7/30/2019 Firefox7/13/2021714

2021/5

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.SameSite.schemeful Firefox7/28/2020 Chrome5/25/2021301

2021/3

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Length.cors_response_safelist Chrome7/30/2019 Firefox3/23/2021602
http.headers.Referrer-Policy.default_strict-origin-when-cross-origin Chrome8/25/2020 Firefox3/23/2021210

2020/12

API First Browser Date Last Browser Date Days Notes
http.mixed-content.allow_localhost_url πŸ“‹Chrome12/10/2019 Firefox12/15/2020371

2020/7

API First Browser Date Last Browser Date Days Notes
http.headers.Cross-Origin-Embedder-Policy πŸ“‹Chrome5/19/2020 Firefox7/28/202070
http.headers.Cross-Origin-Opener-Policy πŸ“‹Chrome5/19/2020 Firefox7/28/202070

2020/3

API First Browser Date Last Browser Date Days Notes
http.headers.Cross-Origin-Resource-Policy πŸ“‹Chrome3/12/2019 Firefox3/10/2020364
Chrome: Until version 75, downloads for files with this header would fail in Chrome. See bug 41452948.Chrome: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Chrome Android: Until version 75, downloads for files with this header would fail in Chrome Android. See bug 41452948.Chrome Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Quest Browser: Until version 7.0, downloads for files with this header would fail in Quest Browser. See bug 41452948.Quest Browser: From version 9.0 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 12.0, partial PDF loading is disabled.Opera: Until version 62, downloads for files with this header would fail in Opera. See bug 41452948.Opera: From version 67 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 72, partial PDF loading is disabled.Opera Android: Until version 54, downloads for files with this header would fail in Opera Android. See bug 41452948.Opera Android: From version 57 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 61, partial PDF loading is disabled.WebView Android: Until version 75, downloads for files with this header would fail in WebView Android. See bug 41452948.WebView Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.

2020/2

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.SameSite.Lax_default Firefox9/3/2019 Chrome2/4/2020154

2019/12

API First Browser Date Last Browser Date Days Notes
http.mixed-content πŸ“‹Firefox8/6/2013 Chrome12/10/20192317
http.mixed-content.allow_file_urls πŸ“‹Firefox8/6/2013 Chrome12/10/20192317
http.mixed-content.allow_loopback_url πŸ“‹Firefox8/8/2017 Chrome12/10/2019854
http.mixed-content.blockable_mixed_content πŸ“‹Firefox8/6/2013 Chrome12/10/20192317
Chrome: From version 79 blocks iframes, scripts, and stylesheets.Chrome Android: From version 79 blocks iframes, scripts, and stylesheets.Edge: From version 79 blocks iframes, scripts, and stylesheets.Quest Browser: From version 8.0 blocks iframes, scripts, and stylesheets.Opera: From version 66 blocks iframes, scripts, and stylesheets.Opera Android: From version 57 blocks iframes, scripts, and stylesheets.Samsung Internet: From version 12.0 blocks iframes, scripts, and stylesheets.WebView Android: From version 79 blocks iframes, scripts, and stylesheets.

2019/10

API First Browser Date Last Browser Date Days Notes
http.headers.Origin πŸ“‹Chrome12/11/2008 Firefox10/22/20193967
Edge: Not sent with POST requestsFirefox: Not sent with POST requests, see bug 446344.Firefox for Android: Not sent with POST requests, see bug 446344.
http.headers.Referer.length_limit_4096B Chrome9/10/2019 Firefox10/22/201942

2019/9

API First Browser Date Last Browser Date Days Notes
http.headers.Access-Control-Allow-Headers.wildcard Chrome12/6/2017 Firefox9/3/2019636
http.headers.Access-Control-Allow-Methods.wildcard Chrome12/6/2017 Firefox9/3/2019636
http.headers.Access-Control-Expose-Headers.wildcard Chrome3/6/2018 Firefox9/3/2019546

2019/7

API First Browser Date Last Browser Date Days Notes
http.headers.Cache-Control.stale-while-revalidate πŸ“‹Chrome6/4/2019 Firefox7/9/201935

2018/10

API First Browser Date Last Browser Date Days Notes
http.headers.Clear-Site-Data πŸ“‹Chrome9/5/2017 Firefox10/23/2018413
http.headers.Clear-Site-Data.cookies πŸ“‹Chrome9/5/2017 Firefox10/23/2018413
http.headers.Clear-Site-Data.secure_context_required Chrome9/5/2017 Firefox10/23/2018413
http.headers.Clear-Site-Data.storage πŸ“‹Chrome9/5/2017 Firefox10/23/2018413
http.headers.Content-Security-Policy.report-sample Chrome6/5/2017 Firefox10/23/2018505

2018/6

API First Browser Date Last Browser Date Days Notes
http.headers.Server-Timing πŸ“‹Chrome3/6/2018 Firefox6/26/2018112

2018/5

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.SameSite.None Firefox5/9/2018 Chrome5/29/201820
Chrome: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Chrome Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Quest Browser: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Safari: Not supported before macOS version 10.15 (Catalina).Samsung Internet: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.WebView Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.
http.headers.Set-Cookie.SameSite πŸ“‹Chrome5/25/2016 Firefox5/9/2018714
Safari: Safari 13 on macOS 10.14 (Mojave), treats SameSite=None and invalid values as Strict. This is fixed in version 10.15 (Catalina) and later.Safari: Treats SameSite=None and invalid values as Strict in macOS before 10.15 Catalina. See bug 198181.Safari on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.WebView on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.
http.headers.Set-Cookie.SameSite.Lax Chrome5/25/2016 Firefox5/9/2018714
http.headers.Set-Cookie.SameSite.Strict Chrome5/25/2016 Firefox5/9/2018714

2018/3

API First Browser Date Last Browser Date Days Notes
http.data-url.top_level_navigation_blocked Chrome7/25/2017 Firefox3/13/2018231

2018/1

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.frame-ancestors πŸ“‹Chrome1/21/2015 Firefox1/23/20181098
Firefox: Before Firefox 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.Firefox for Android: Before Firefox for Android 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.
http.headers.Content-Security-Policy.worker-src πŸ“‹Chrome6/5/2017 Firefox1/23/2018232
Chrome: Chrome 59 and higher skips the deprecated child-src directive.Chrome Android: Chrome Android 59 and higher skips the deprecated child-src directive.Quest Browser: Quest Browser 5.0 and higher skips the deprecated child-src directive.Opera: Opera 46 and higher skips the deprecated child-src directive.Opera Android: Opera Android 43 and higher skips the deprecated child-src directive.WebView Android: WebView Android 59 and higher skips the deprecated child-src directive.
http.headers.X-Content-Type-Options πŸ“‹Firefox11/15/2016 Chrome1/23/2018434
Chrome: Not supported for stylesheets.Chrome Android: Not supported for stylesheets.Opera: Not supported for stylesheets.Opera Android: Not supported for stylesheets.Samsung Internet: Not supported for stylesheets.WebView Android: Not supported for stylesheets.

2017/9

API First Browser Date Last Browser Date Days Notes
http.headers.Referrer-Policy.same-origin Firefox3/7/2017 Chrome9/5/2017182
http.headers.Referrer-Policy.strict-origin Firefox3/7/2017 Chrome9/5/2017182
http.headers.Referrer-Policy.strict-origin-when-cross-origin Firefox3/7/2017 Chrome9/5/2017182

2017/8

API First Browser Date Last Browser Date Days Notes
http.headers.SourceMap πŸ“‹Chrome3/28/2012 Firefox8/8/20171959
Chrome: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Chrome Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Edge: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Quest Browser: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Samsung Internet: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.WebView Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.

2017/3

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.strict-dynamic Chrome7/20/2016 Firefox3/7/2017230

2017/1

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.worker_support Firefox11/15/2016 Chrome1/25/201771
http.headers.Referrer-Policy πŸ“‹Firefox11/15/2016 Chrome1/25/201771

2016/11

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.connect-src πŸ“‹Chrome2/21/2013 Firefox11/15/20161363
Firefox: Before Firefox 50, ping attributes of <a> elements weren't covered by connect-src.
http.headers.Content-Security-Policy.sandbox πŸ“‹Chrome2/21/2013 Firefox11/15/20161363
http.headers.Set-Cookie.host_secure_prefixes Chrome3/2/2016 Firefox11/15/2016258

2016/10

API First Browser Date Last Browser Date Days Notes
http.headers.Timing-Allow-Origin πŸ“‹Firefox3/8/2016 Chrome10/12/2016218

2016/8

API First Browser Date Last Browser Date Days Notes
http.headers.Upgrade-Insecure-Requests πŸ“‹Chrome7/21/2015 Firefox8/2/2016378

2016/7

API First Browser Date Last Browser Date Days Notes
http.headers.Alt-Svc πŸ“‹Firefox5/12/2015 Chrome7/20/2016435
Firefox: Only supports draft-04Firefox for Android: Only supports draft-04

2016/4

API First Browser Date Last Browser Date Days Notes
http.headers.Accept-Encoding.br πŸ“‹Firefox1/26/2016 Chrome4/13/201678
Safari: Unsupported before macOS 10.13 High Sierra.
http.headers.Content-Encoding.br πŸ“‹Firefox1/26/2016 Chrome4/13/201678
Safari: Unsupported before macOS 10.13 High Sierra.

2016/3

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.child-src πŸ“‹Chrome1/21/2015 Firefox3/8/2016412
http.headers.Content-Security-Policy.meta-element-support Chrome2/21/2013 Firefox3/8/20161111

2016/1

API First Browser Date Last Browser Date Days Notes
http.headers.Service-Worker πŸ“‹Chrome10/7/2014 Firefox1/26/2016476

2015/11

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.upgrade-insecure-requests πŸ“‹Chrome5/19/2015 Firefox11/3/2015168

2015/9

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.manifest-src πŸ“‹Chrome1/21/2015 Firefox9/22/2015244

2015/8

API First Browser Date Last Browser Date Days Notes
http.headers.Service-Worker-Allowed πŸ“‹Chrome4/14/2015 Firefox8/11/2015119

2015/2

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.form-action πŸ“‹Chrome1/21/2015 Firefox2/24/201534

2015/1

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.base-uri πŸ“‹Firefox1/13/2015 Chrome1/21/20158

2014/7

API First Browser Date Last Browser Date Days Notes
http.status.308 πŸ“‹Firefox7/17/2012 Chrome7/16/2014729
Internet Explorer: Does not work below Windows 10.

2013/8

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
Internet Explorer: Only supporting 'sandbox' directive.
http.headers.Content-Security-Policy.default-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.font-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.frame-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.img-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.media-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.object-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.report-uri πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.script-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy.style-src πŸ“‹Chrome2/21/2013 Firefox8/6/2013166
http.headers.Content-Security-Policy-Report-Only πŸ“‹Chrome2/21/2013 Firefox8/6/2013166

2012/11

API First Browser Date Last Browser Date Days Notes
http.headers.DNT Firefox3/22/2011 Chrome11/6/2012595

2012/3

API First Browser Date Last Browser Date Days Notes
http.headers.Sec-WebSocket-Accept πŸ“‹Chrome12/13/2011 Firefox3/13/201291
http.headers.Sec-WebSocket-Extensions πŸ“‹Chrome12/13/2011 Firefox3/13/201291
http.headers.Sec-WebSocket-Key πŸ“‹Chrome12/13/2011 Firefox3/13/201291
http.headers.Sec-WebSocket-Protocol πŸ“‹Chrome12/13/2011 Firefox3/13/201291
http.headers.Sec-WebSocket-Version πŸ“‹Chrome12/13/2011 Firefox3/13/201291

2011/8

API First Browser Date Last Browser Date Days Notes
http.headers.Upgrade πŸ“‹Chrome5/25/2010 Firefox8/16/2011448

2011/3

API First Browser Date Last Browser Date Days Notes
http.headers.Strict-Transport-Security πŸ“‹Chrome1/25/2010 Firefox3/22/2011421
http.headers.X-Frame-Options πŸ“‹Chrome1/25/2010 Firefox3/22/2011421
http.headers.X-Frame-Options.SAMEORIGIN Chrome1/25/2010 Firefox3/22/2011421
Chrome: Starting in Chrome 61, this applies to all of a frame's ancestors.Chrome Android: Starting in Chrome Android 61, this applies to all of a frame's ancestors.Firefox: Starting in Firefox 59, this applies to all of a frame's ancestors.Firefox for Android: Starting in Firefox for Android 59, this applies to all of a frame's ancestors.Quest Browser: Starting in Quest Browser 5.0, this applies to all of a frame's ancestors.Opera: Starting in Opera 48, this applies to all of a frame's ancestors.Opera Android: Starting in Opera Android 45, this applies to all of a frame's ancestors.Samsung Internet: Starting in Samsung Internet 8.0, this applies to all of a frame's ancestors.WebView Android: Starting in WebView Android 61, this applies to all of a frame's ancestors.

2010/1

API First Browser Date Last Browser Date Days Notes
http.data-url πŸ“‹Firefox10/24/2006 Chrome1/25/20101189
Edge: Before Edge 79, the maximum size supported is 4GB.Internet Explorer: Since Internet Explorer 9, the maximum size supported is 4GB.Internet Explorer: In Internet Explorer 8, the maximum size supported is 32kB.
http.data-url.css_files Firefox10/24/2006 Chrome1/25/20101189
http.data-url.html_files Firefox10/24/2006 Chrome1/25/20101189
http.data-url.js_files Firefox10/24/2006 Chrome1/25/20101189
http.headers.Access-Control-Allow-Credentials πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Allow-Headers πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Allow-Methods πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Allow-Origin πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Expose-Headers πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Max-Age πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Request-Headers πŸ“‹Firefox6/30/2009 Chrome1/25/2010209
http.headers.Access-Control-Request-Method πŸ“‹Firefox6/30/2009 Chrome1/25/2010209

2008/12

API First Browser Date Last Browser Date Days Notes
http.headers.Accept πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
Firefox: In Firefox 66, the default Accept header value changed to */*.Firefox for Android: In Firefox for Android 66, the default Accept header value changed to */*.
http.headers.Accept-Encoding πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Accept-Language πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Accept-Ranges πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Age πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Authorization πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Authorization.Basic πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Authorization.Digest πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Authorization.Digest.md5 Firefox11/9/2004 Chrome12/11/20081493
http.headers.Authorization.NTLM Firefox11/9/2004 Chrome12/11/20081493
http.headers.Authorization.Negotiate πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Cache-Control πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Connection πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Content-Disposition πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
Chrome: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Chrome Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Firefox: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Firefox for Android: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Quest Browser: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Safari: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Safari on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Samsung Internet: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.
http.headers.Content-Encoding πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Content-Language πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Content-Length πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Content-Location πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Content-Range πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Content-Type πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Cookie πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.
http.headers.Date πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.ETag πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Expires πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.From πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Host πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.If-Match πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.If-Modified-Since πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.If-None-Match πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.If-Range πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.If-Unmodified-Since πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Keep-Alive πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Last-Modified πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Location πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Pragma πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Proxy-Authenticate πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Range πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Referer πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Refresh πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
Firefox: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)Firefox for Android: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)
http.headers.Server πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Set-Cookie πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.
http.headers.Set-Cookie.HttpOnly Firefox6/17/2008 Chrome12/11/2008177
http.headers.Set-Cookie.Max-Age Firefox11/9/2004 Chrome12/11/20081493
http.headers.TE πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Transfer-Encoding πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.User-Agent πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Vary πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Via πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.WWW-Authenticate πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.WWW-Authenticate.Basic πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.WWW-Authenticate.Digest πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.WWW-Authenticate.Digest.md5 Firefox11/9/2004 Chrome12/11/20081493
http.headers.WWW-Authenticate.NTLM Firefox11/9/2004 Chrome12/11/20081493
http.headers.WWW-Authenticate.Negotiate πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.Warning πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.headers.X-DNS-Prefetch-Control Firefox10/24/2006 Chrome12/11/2008779
http.methods.CONNECT πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.methods.DELETE πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.methods.GET πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.methods.HEAD πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.methods.OPTIONS πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.methods.POST πŸ“‹Firefox11/9/2004 Chrome12/11/20081493
http.methods.PUT πŸ“‹Firefox11/9/2004 Chrome12/11/20081493