Security Feature Browser Support

The fantastic Clear-Site-Data header is mostly supported by all modern browsers except for Safari, but unfortunately the execution context clearing hasn't yet been implemented in almost any of them.

The awesome CSP and its various features are widely supported by many browsers. The new features added with CSP level 3 however are not yet fully supported, most notably Safari doesn't support them at all.

The cross-origin embedder policy feature is supported by Chrome, Edge and Firefox.

The cross-origin opener policy feature supported by Chrome, Edge and Firefox.

The cross-origin resource policy feature is pretty well supported on newer browsers, even Safari supports it!

The feature policy in itself is quite decently supported, but the different features vary by browser.

The relatively new fetch metadata request headers are not yet very widely supported, but luckily they can be used in a fully backwards compatible way.

Referrer policies are supported quite well.

HSTS and all of its features are very well supported.

X-Frame-Options is widely supported by browsers but the ALLOW-FROM is not. If you want to allow specific websites to frame your page, use Content-Security-Policy and frame-ancestors.