Changelog
Browser support and spec changes that affect security headers, CSP, and OAuth. Updated when something material changes.
Pages in this section are living documents โ updated when browsers ship new support or specs change. Last updated: 2026-04-03
- CSP Browser Support 2026 โ Directive Compatibility Table
Which CSP directives work in Chrome, Firefox, Safari, Edge โ including Trusted Types and newer directives.
- HTTP Security Headers 2026 โ What Changed, What's New
X-XSS-Protection deprecated, COEP credentialless support, HSTS preload stricter minimum โ all 2025โ2026 changes.
- OAuth 2.1 Changes โ What Developers Need to Update
Implicit Flow removed, ROPC removed, PKCE required for all clients. Migration checklist included.