Now Stable

"New on the Web": For a given set of browsers, what APIs became stable and when, ordered reverse chronologically.

It's a great source of information for posts like this

Example Comparisons
Browsers
Features

Stable APIs

Below is a list of features that are in Chrome and Safari, ordered reverse chronologically by when they became stable (i.e, available in the last browser).

2026/2

API First Browser Date Last Browser Date Days Notes
http.headers.Accept-Encoding.zstd πŸ“‹Chrome3/19/2024 Safari2/11/2026694
Safari: Before macOS 26.3 Tahoe, this header value is not sent.
http.headers.Content-Encoding.zstd πŸ“‹Chrome3/19/2024 Safari2/11/2026694
Safari: Before macOS 26.3 Tahoe, Safari cannot decode Zstandard responses.

2025/12

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.script-src.inline-speculation-rules Chrome2/7/2023 Safari12/12/20251039
http.headers.Content-Security-Policy.style-src-elem πŸ“‹Chrome6/4/2019 Safari12/12/20252383
Safari: The style-src-elem directive was parsed, but had no effect. See bug 276931.Safari on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.WebView on iOS: The style-src-elem directive was parsed, but had no effect. See bug 276931.
http.headers.Sec-Purpose.speculationrules Chrome2/7/2023 Safari12/12/20251039
http.headers.Sec-Speculation-Tags πŸ“‹Chrome4/29/2025 Safari12/12/2025227
http.headers.Set-Cookie.Partitioned πŸ“‹Chrome5/30/2023 Safari12/12/2025927
http.headers.Speculation-Rules πŸ“‹Chrome1/23/2024 Safari12/12/2025689

2025/9

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.require-trusted-types-for πŸ“‹Chrome5/19/2020 Safari9/15/20251945
http.headers.Content-Security-Policy.trusted-types πŸ“‹Chrome5/19/2020 Safari9/15/20251945

2025/3

API First Browser Date Last Browser Date Days Notes
http.headers.Cross-Origin-Opener-Policy.noopener-allow-popups πŸ“‹Chrome11/12/2024 Safari3/31/2025139

2023/12

API First Browser Date Last Browser Date Days Notes
http.headers.Link.fetchpriority πŸ“‹Chrome6/21/2022 Safari12/11/2023538

2023/9

API First Browser Date Last Browser Date Days Notes
http.headers.Alt-Svc πŸ“‹Chrome7/20/2016 Safari9/18/20232616
Firefox: Only supports draft-04Firefox for Android: Only supports draft-04
http.headers.Clear-Site-Data πŸ“‹Chrome9/5/2017 Safari9/18/20232204
http.headers.Clear-Site-Data.cache πŸ“‹Chrome3/6/2018 Safari9/18/20232022
Chrome: Setting this value may increase response duration (see bug 40233601.Chrome: Setting this value may prevent a page from fully load (see bug 41343050.Chrome Android: Setting this value may increase response duration (see bug 40233601.Chrome Android: Setting this value may prevent a page from fully load (see bug 41343050.Edge: Setting this value may increase response duration (see bug 40233601.Quest Browser: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may increase response duration (see bug 40233601.Opera: Setting this value may prevent a page from fully load (see bug 41343050.Opera Android: Setting this value may increase response duration (see bug 40233601.Opera Android: Setting this value may prevent a page from fully load (see bug 41343050.Samsung Internet: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may increase response duration (see bug 40233601.WebView Android: Setting this value may prevent a page from fully load (see bug 41343050.
http.headers.Clear-Site-Data.cookies πŸ“‹Chrome9/5/2017 Safari9/18/20232204
http.headers.Clear-Site-Data.secure_context_required Chrome9/5/2017 Safari9/18/20232204
http.headers.Clear-Site-Data.storage πŸ“‹Chrome9/5/2017 Safari9/18/20232204
http.headers.Clear-Site-Data.wildcard πŸ“‹Chrome9/12/2023 Safari9/18/20236
http.headers.Link πŸ“‹Chrome6/21/2022 Safari9/18/2023454
http.status.103 πŸ“‹Chrome6/21/2022 Safari9/18/2023454
Chrome: Supported in HTTP/2 and later only.Chrome Android: Supported in HTTP/2 and later only.Edge: Supported in HTTP/2 and later only.Quest Browser: Supported in HTTP/2 and later only.Opera: Supported in HTTP/2 and later only.Opera Android: Supported in HTTP/2 and later only.Safari: Supported in HTTP/2 and later only.Safari on iOS: Supported in HTTP/2 and later only.Samsung Internet: Supported in HTTP/2 and later only.WebView Android: Supported in HTTP/2 and later only.WebView on iOS: Supported in HTTP/2 and later only.
http.status.103.preconnect Chrome6/21/2022 Safari9/18/2023454

2023/3

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.report-to πŸ“‹Chrome10/16/2018 Safari3/27/20231623
http.headers.Reporting-Endpoints πŸ“‹Chrome11/15/2021 Safari3/27/2023497
http.headers.Sec-Fetch-Dest πŸ“‹Chrome2/4/2020 Safari3/27/20231147
http.headers.Sec-Fetch-Mode πŸ“‹Chrome7/30/2019 Safari3/27/20231336
http.headers.Sec-Fetch-Site πŸ“‹Chrome7/30/2019 Safari3/27/20231336
http.headers.Server-Timing πŸ“‹Chrome3/6/2018 Safari3/27/20231847

2022/9

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.script-src.wasm-unsafe-eval Chrome1/4/2022 Safari9/12/2022251
http.headers.Range.cors_safe Chrome3/1/2022 Safari9/12/2022195

2022/7

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.script-src.external_scripts πŸ“‹Chrome6/5/2017 Safari7/20/20221871

2022/5

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.worker-src πŸ“‹Chrome6/5/2017 Safari5/16/20221806
Chrome: Chrome 59 and higher skips the deprecated child-src directive.Chrome Android: Chrome Android 59 and higher skips the deprecated child-src directive.Quest Browser: Quest Browser 5.0 and higher skips the deprecated child-src directive.Opera: Opera 46 and higher skips the deprecated child-src directive.Opera Android: Opera Android 43 and higher skips the deprecated child-src directive.WebView Android: WebView Android 59 and higher skips the deprecated child-src directive.

2022/3

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.report-sample Chrome6/5/2017 Safari3/14/20221743
http.headers.Content-Security-Policy.script-src-attr πŸ“‹Chrome6/4/2019 Safari3/14/20221014
http.headers.Content-Security-Policy.script-src-elem πŸ“‹Chrome6/4/2019 Safari3/14/20221014
http.headers.Content-Security-Policy.strict-dynamic Chrome7/20/2016 Safari3/14/20222063
http.headers.Content-Security-Policy.style-src-attr πŸ“‹Chrome6/4/2019 Safari3/14/20221014
http.headers.Content-Security-Policy.unsafe-hashes Chrome9/4/2018 Safari3/14/20221287
http.headers.Service-Worker-Navigation-Preload πŸ“‹Chrome6/5/2017 Safari3/14/20221743

2021/12

API First Browser Date Last Browser Date Days Notes
http.headers.Cross-Origin-Embedder-Policy πŸ“‹Chrome5/19/2020 Safari12/13/2021573
http.headers.Cross-Origin-Opener-Policy πŸ“‹Chrome5/19/2020 Safari12/13/2021573

2021/9

API First Browser Date Last Browser Date Days Notes
http.headers.Referrer-Policy.default_strict-origin-when-cross-origin Chrome8/25/2020 Safari9/20/2021391

2020/9

API First Browser Date Last Browser Date Days Notes
http.data-url.top_level_navigation_blocked Chrome7/25/2017 Safari9/16/20201149
http.headers.Cache-Control.stale-while-revalidate πŸ“‹Chrome6/4/2019 Safari9/16/2020470
http.headers.Referer.length_limit_4096B Chrome9/10/2019 Safari9/16/2020372

2019/12

API First Browser Date Last Browser Date Days Notes
http.mixed-content πŸ“‹Safari3/21/2016 Chrome12/10/20191359
http.mixed-content.blockable_mixed_content πŸ“‹Safari3/21/2016 Chrome12/10/20191359
Chrome: From version 79 blocks iframes, scripts, and stylesheets.Chrome Android: From version 79 blocks iframes, scripts, and stylesheets.Edge: From version 79 blocks iframes, scripts, and stylesheets.Quest Browser: From version 8.0 blocks iframes, scripts, and stylesheets.Opera: From version 66 blocks iframes, scripts, and stylesheets.Opera Android: From version 57 blocks iframes, scripts, and stylesheets.Samsung Internet: From version 12.0 blocks iframes, scripts, and stylesheets.WebView Android: From version 79 blocks iframes, scripts, and stylesheets.

2019/9

API First Browser Date Last Browser Date Days Notes
http.headers.Access-Control-Allow-Headers.wildcard Chrome12/6/2017 Safari9/19/2019652
http.headers.Access-Control-Allow-Methods.wildcard Chrome12/6/2017 Safari9/19/2019652
http.headers.Access-Control-Expose-Headers.wildcard Chrome3/6/2018 Safari9/19/2019562
http.headers.Set-Cookie.SameSite πŸ“‹Chrome5/25/2016 Safari9/19/20191212
Safari: Safari 13 on macOS 10.14 (Mojave), treats SameSite=None and invalid values as Strict. This is fixed in version 10.15 (Catalina) and later.Safari: Treats SameSite=None and invalid values as Strict in macOS before 10.15 Catalina. See bug 198181.Safari on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.WebView on iOS: Treats SameSite=None and invalid values as Strict in iOS before 13. See bug 198181.
http.headers.Set-Cookie.SameSite.None Chrome5/29/2018 Safari9/19/2019478
Chrome: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Chrome Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Quest Browser: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Opera Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.Safari: Not supported before macOS version 10.15 (Catalina).Samsung Internet: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.WebView Android: Rejects cookies with SameSite=None. See SameSite=None: Known Incompatible Clients.
http.headers.Set-Cookie.host_secure_prefixes Chrome3/2/2016 Safari9/19/20191296

2019/7

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Length.cors_response_safelist Safari3/25/2019 Chrome7/30/2019127

2019/3

API First Browser Date Last Browser Date Days Notes
http.headers.Cross-Origin-Resource-Policy πŸ“‹Safari9/17/2018 Chrome3/12/2019176
Chrome: Until version 75, downloads for files with this header would fail in Chrome. See bug 41452948.Chrome: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Chrome Android: Until version 75, downloads for files with this header would fail in Chrome Android. See bug 41452948.Chrome Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.Quest Browser: Until version 7.0, downloads for files with this header would fail in Quest Browser. See bug 41452948.Quest Browser: From version 9.0 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 12.0, partial PDF loading is disabled.Opera: Until version 62, downloads for files with this header would fail in Opera. See bug 41452948.Opera: From version 67 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 72, partial PDF loading is disabled.Opera Android: Until version 54, downloads for files with this header would fail in Opera Android. See bug 41452948.Opera Android: From version 57 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 61, partial PDF loading is disabled.WebView Android: Until version 75, downloads for files with this header would fail in WebView Android. See bug 41452948.WebView Android: From version 80 to 85, linearized PDFs served inline with this header fail to render properly. See bug 40127935. From version 86, partial PDF loading is disabled.

2018/9

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.SameSite.Lax Chrome5/25/2016 Safari9/17/2018845
http.headers.Set-Cookie.SameSite.Strict Chrome5/25/2016 Safari9/17/2018845

2018/4

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.form-action.blocks_redirects Chrome12/6/2017 Safari4/12/2018127
http.headers.Referrer-Policy πŸ“‹Chrome1/25/2017 Safari4/12/2018442
http.headers.Referrer-Policy.same-origin Chrome9/5/2017 Safari4/12/2018219
http.headers.Referrer-Policy.strict-origin Chrome9/5/2017 Safari4/12/2018219
http.headers.Referrer-Policy.strict-origin-when-cross-origin Chrome9/5/2017 Safari4/12/2018219
http.headers.Service-Worker πŸ“‹Chrome10/7/2014 Safari4/12/20181283
http.headers.Service-Worker-Allowed πŸ“‹Chrome4/14/2015 Safari4/12/20181094

2018/1

API First Browser Date Last Browser Date Days Notes
http.headers.X-Content-Type-Options πŸ“‹Safari9/19/2017 Chrome1/23/2018126
Chrome: Not supported for stylesheets.Chrome Android: Not supported for stylesheets.Opera: Not supported for stylesheets.Opera Android: Not supported for stylesheets.Samsung Internet: Not supported for stylesheets.WebView Android: Not supported for stylesheets.

2017/9

API First Browser Date Last Browser Date Days Notes
http.headers.Accept-Encoding.br πŸ“‹Chrome4/13/2016 Safari9/19/2017524
Safari: Unsupported before macOS 10.13 High Sierra.
http.headers.Content-Encoding.br πŸ“‹Chrome4/13/2016 Safari9/19/2017524
Safari: Unsupported before macOS 10.13 High Sierra.
http.headers.Content-Security-Policy.manifest-src πŸ“‹Chrome1/21/2015 Safari9/19/2017972
http.headers.Timing-Allow-Origin πŸ“‹Chrome10/12/2016 Safari9/19/2017342

2017/3

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.upgrade-insecure-requests πŸ“‹Chrome5/19/2015 Safari3/27/2017678
http.headers.Upgrade-Insecure-Requests πŸ“‹Chrome7/21/2015 Safari3/27/2017615

2017/1

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.worker_support Safari9/20/2016 Chrome1/25/2017127

2016/9

API First Browser Date Last Browser Date Days Notes
http.headers.Content-Security-Policy.base-uri πŸ“‹Chrome1/21/2015 Safari9/20/2016608
http.headers.Content-Security-Policy.block-all-mixed-content Chrome7/21/2015 Safari9/20/2016427
Chrome: Will be removed, see bug 40260100.Chrome Android: Will be removed, see bug 40260100.Edge: Will be removed, see bug 40260100.Quest Browser: Will be removed, see bug 40260100.Opera: Will be removed, see bug 40260100.Opera Android: Will be removed, see bug 40260100.Samsung Internet: Will be removed, see bug 40260100.WebView Android: Will be removed, see bug 40260100.
http.headers.Content-Security-Policy.child-src πŸ“‹Chrome1/21/2015 Safari9/20/2016608
http.headers.Content-Security-Policy.form-action πŸ“‹Chrome1/21/2015 Safari9/20/2016608
http.headers.Content-Security-Policy.frame-ancestors πŸ“‹Chrome1/21/2015 Safari9/20/2016608
Firefox: Before Firefox 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.Firefox for Android: Before Firefox for Android 58, frame-ancestors is ignored in Content-Security-Policy-Report-Only.

2014/7

API First Browser Date Last Browser Date Days Notes
http.status.308 πŸ“‹Safari10/22/2013 Chrome7/16/2014267
Internet Explorer: Does not work below Windows 10.

2013/10

API First Browser Date Last Browser Date Days Notes
http.headers.Authorization.NTLM Chrome12/11/2008 Safari10/22/20131776
http.headers.Authorization.Negotiate πŸ“‹Chrome12/11/2008 Safari10/22/20131776
http.headers.Content-Security-Policy πŸ“‹Chrome2/21/2013 Safari10/22/2013243
Internet Explorer: Only supporting 'sandbox' directive.
http.headers.Content-Security-Policy.connect-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
Firefox: Before Firefox 50, ping attributes of <a> elements weren't covered by connect-src.
http.headers.Content-Security-Policy.default-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.font-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.frame-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.img-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.media-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.meta-element-support Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.object-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.report-uri πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.sandbox πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.script-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy.style-src πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.Content-Security-Policy-Report-Only πŸ“‹Chrome2/21/2013 Safari10/22/2013243
http.headers.SourceMap πŸ“‹Chrome3/28/2012 Safari10/22/2013573
Chrome: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Chrome Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Edge: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Quest Browser: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Opera Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.Samsung Internet: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.WebView Android: Not supported for ECMAScript Modules (<script type="module">). See bug 40854862.
http.headers.Strict-Transport-Security πŸ“‹Chrome1/25/2010 Safari10/22/20131366
http.headers.WWW-Authenticate.NTLM Chrome12/11/2008 Safari10/22/20131776
http.headers.WWW-Authenticate.Negotiate πŸ“‹Chrome12/11/2008 Safari10/22/20131776

2012/7

API First Browser Date Last Browser Date Days Notes
http.headers.Sec-WebSocket-Accept πŸ“‹Chrome12/13/2011 Safari7/25/2012225
http.headers.Sec-WebSocket-Extensions πŸ“‹Chrome12/13/2011 Safari7/25/2012225
http.headers.Sec-WebSocket-Key πŸ“‹Chrome12/13/2011 Safari7/25/2012225
http.headers.Sec-WebSocket-Protocol πŸ“‹Chrome12/13/2011 Safari7/25/2012225
http.headers.Sec-WebSocket-Version πŸ“‹Chrome12/13/2011 Safari7/25/2012225

2010/6

API First Browser Date Last Browser Date Days Notes
http.headers.Set-Cookie.HttpOnly Chrome12/11/2008 Safari6/7/2010543
http.headers.Upgrade πŸ“‹Chrome5/25/2010 Safari6/7/201013

2010/1

API First Browser Date Last Browser Date Days Notes
http.data-url πŸ“‹Safari3/18/2008 Chrome1/25/2010678
Edge: Before Edge 79, the maximum size supported is 4GB.Internet Explorer: Since Internet Explorer 9, the maximum size supported is 4GB.Internet Explorer: In Internet Explorer 8, the maximum size supported is 32kB.
http.data-url.css_files Safari3/18/2008 Chrome1/25/2010678
http.data-url.html_files Safari3/18/2008 Chrome1/25/2010678
http.data-url.js_files Safari3/18/2008 Chrome1/25/2010678
http.headers.Access-Control-Allow-Credentials πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Allow-Headers πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Allow-Methods πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Allow-Origin πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Expose-Headers πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Max-Age πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Request-Headers πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.Access-Control-Request-Method πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.X-Frame-Options πŸ“‹Safari6/8/2009 Chrome1/25/2010231
http.headers.X-Frame-Options.SAMEORIGIN Safari6/8/2009 Chrome1/25/2010231
Chrome: Starting in Chrome 61, this applies to all of a frame's ancestors.Chrome Android: Starting in Chrome Android 61, this applies to all of a frame's ancestors.Firefox: Starting in Firefox 59, this applies to all of a frame's ancestors.Firefox for Android: Starting in Firefox for Android 59, this applies to all of a frame's ancestors.Quest Browser: Starting in Quest Browser 5.0, this applies to all of a frame's ancestors.Opera: Starting in Opera 48, this applies to all of a frame's ancestors.Opera Android: Starting in Opera Android 45, this applies to all of a frame's ancestors.Samsung Internet: Starting in Samsung Internet 8.0, this applies to all of a frame's ancestors.WebView Android: Starting in WebView Android 61, this applies to all of a frame's ancestors.

2008/12

API First Browser Date Last Browser Date Days Notes
http.headers.Accept πŸ“‹Safari6/23/2003 Chrome12/11/20081998
Firefox: In Firefox 66, the default Accept header value changed to */*.Firefox for Android: In Firefox for Android 66, the default Accept header value changed to */*.
http.headers.Accept-Encoding πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Accept-Language πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Accept-Ranges πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Age πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Authorization πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Authorization.Basic πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Authorization.Digest πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Authorization.Digest.md5 Safari6/23/2003 Chrome12/11/20081998
http.headers.Cache-Control πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Connection πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Content-Disposition πŸ“‹Safari6/23/2003 Chrome12/11/20081998
Chrome: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Chrome Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Firefox: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Firefox for Android: From version 82, if an <a> element's download attribute is set (for a same-origin URL) then the inline directive is ignored. Earlier versions did not match the specification and respected the header directive over the attribute. See bug 1658877.Quest Browser: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Opera Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.Safari: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Safari on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.Samsung Internet: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView Android: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 352093465.WebView on iOS: When saving documents, the document title is used instead of the filename parameter if the disposition type is inline. See bug 18384.
http.headers.Content-Encoding πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Content-Language πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Content-Length πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Content-Location πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Content-Range πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Content-Type πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Cookie πŸ“‹Safari6/23/2003 Chrome12/11/20081998
Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.
http.headers.Date πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.ETag πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Expires πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.From πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Host πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.If-Match πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.If-Modified-Since πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.If-None-Match πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.If-Range πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.If-Unmodified-Since πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Keep-Alive πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Last-Modified πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Location πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Origin πŸ“‹Safari6/23/2003 Chrome12/11/20081998
Edge: Not sent with POST requestsFirefox: Not sent with POST requests, see bug 446344.Firefox for Android: Not sent with POST requests, see bug 446344.
http.headers.Pragma πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Proxy-Authenticate πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Range πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Referer πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Refresh πŸ“‹Safari6/23/2003 Chrome12/11/20081998
Firefox: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)Firefox for Android: From version 136 the HTTP Referer header is sent following a refresh that redirects to another page (if permitted)
http.headers.Server πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Set-Cookie πŸ“‹Safari6/23/2003 Chrome12/11/20081998
Safari: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.Safari on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.WebView on iOS: Cookies with Secure flag are not sent to unsecured http://localhost/ endpoints. See bug 281149.
http.headers.Set-Cookie.Max-Age Safari6/23/2003 Chrome12/11/20081998
http.headers.TE πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Transfer-Encoding πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.User-Agent πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Vary πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.Via πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.WWW-Authenticate πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.WWW-Authenticate.Basic πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.WWW-Authenticate.Digest πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.headers.WWW-Authenticate.Digest.md5 Safari6/23/2003 Chrome12/11/20081998
http.headers.Warning πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.CONNECT πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.DELETE πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.GET πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.HEAD πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.OPTIONS πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.POST πŸ“‹Safari6/23/2003 Chrome12/11/20081998
http.methods.PUT πŸ“‹Safari6/23/2003 Chrome12/11/20081998