Changelog
Browser support and spec changes that affect security headers, CSP, and OAuth. Updated when something material changes.
Pages in this section are living documents — updated when browsers ship new support or specs change. Last updated: 2026-04-03
-
CSP Browser Support 2026 — Directive Compatibility Table
Which CSP directives work in Chrome, Firefox, Safari, Edge — including Trusted Types and newer directives.
-
HTTP Security Headers 2026 — What Changed, What's New
X-XSS-Protection deprecated, COEP credentialless support, HSTS preload stricter minimum — all 2025–2026 changes.
-
OAuth 2.1 Changes — What Developers Need to Update
Implicit Flow removed, ROPC removed, PKCE required for all clients. Migration checklist included.