Security Feature Browser Support

On this page you can find up-to-date tables of how different browsers support security features.

Clear Site Data
The fantastic Clear-Site-Data header is mostly supported by all modern browsers except for Safari, but unfortunately the execution context clearing hasn't yet been implemented in almost any of them.
Content Security Policy
The awesome CSP and its various features are widely supported by many browsers. The new features added with CSP level 3 however are not yet fully supported, most notably Safari doesn't support them at all.
Cross-Origin Embedder Policy
The cross-origin embedder policy feature is supported by Chrome, Edge and Firefox.
Cross-Origin Opener Policy
The cross-origin opener policy feature supported by Chrome, Edge and Firefox.
Cross-Origin Resource Policy
The cross-origin resource policy feature is pretty well supported on newer browsers, even Safari supports it!
Feature Policy
The feature policy in itself is quite decently supported, but the different features vary by browser.
Fetch Metadata
The relatively new fetch metadata request headers are not yet very widely supported, but luckily they can be used in a fully backwards compatible way.
Referrer Policy
Referrer policies are supported quite well.
Strict Transport Security
HSTS and all of its features are very well supported.
X-Frame-Options is widely supported by browsers but the ALLOW-FROM is not. If you want to allow specific websites to frame your page, use Content-Security-Policy and frame-ancestors.