| name | score | postMessage | JSON.parse | toStaticHTML | httpOnly cookies | X-Frame-Options | X-Content-Type-Options | Block reflected XSS | Block location spoofing | Block JSON hijacking | Block XSS in CSS | Sandbox attribute | Origin header | Strict Transport Security | Block cross-origin CSS attacks | Cross Origin Resource Sharing | Block visited link sniffing | Content Security Policy | # Tests |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome 56 | 16/17 | yes | yes | no | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | 379 |
| Firefox 46 | 14/17 | yes | yes | no | yes | yes | no | yes | yes | yes | yes | yes | no | yes | yes | yes | yes | yes | 410 |
| IE 10 | 14/17 | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | no | no | yes | yes | yes | no | 1324 |
| IE 11 | 14/17 | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | no | no | yes | yes | yes | no | 3175 |
| Safari 10.0.03 | | | | | | | | | | | | | | | | | | | 0 |
| Chrome Mobile 56 | 16/17 | yes | yes | no | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | 96 |
| IEMobile 11 | | | | | | | | | | | | | | | | | | | 0 |
| iPhone 7 | | | | | | | | | | | | | | | | | | | 0 |