| title | description | author | ms.author | ms.topic | ms.service | ms.date |
|---|---|---|---|---|---|---|
Site compatibility-impacting changes coming to Microsoft Edge |
Summary of high-impact changes that are planned for Microsoft Edge that may impact website compatibility. |
MSEdgeTeam |
msedgedevrel |
conceptual |
microsoft-edge |
03/31/2025 |
This article highlights:
- High-impact differences between Microsoft Edge and the Chromium project, the browser engine which Microsoft Edge is based on.
- High-impact web platform changes, which might impact browser compatibility on your site, and which the Microsoft Edge team is tracking especially closely.
For more information about other changes in Microsoft Edge, see Release notes for Microsoft Edge web platform.
The web platform is a collection of technologies used for building webpages, including HTML, CSS, JavaScript, and many other open standards. The web platform constantly evolves to improve the user experience, security, and privacy. In some cases, these changes may affect the functionality of existing webpages.
For functionality and compatibility reasons, Microsoft Edge adopts nearly all of the Chromium project's changes to the web platform. However, Microsoft retains full control of the Microsoft Edge browser and may defer or reject changes. The Microsoft Edge team decides if the change benefits browser users.
For information about upcoming Chromium project web platform changes, see Chrome Platform Status Release timeline.
This table lists high-impact changes which the Microsoft Edge team is tracking closely.
| Change | Release | Description |
|---|---|---|
| Insecure downloads over HTTP | Future release (TBD) | When a user tries to download potentially dangerous content from an HTTP site, the user will receive a UI warning, such as "Insecure download blocked." The user will still have an option to proceed and download the item. Admins can use the InsecureContentAllowedForUrls policy to specify HTTP sites for which the warning will be suppressed. Admins can use the InsecureDownloadWarnings feature flag to test the impact of this upcoming feature. |
| Deprecate unload event | Future release (TBD) | Introduces a new Permission-Policy to allow creating unload event listeners. The default policy is allow, but the default policy will gradually be migrated to deny, such that unload handlers stop firing on pages, unless a page explicitly opts in to re-enable them. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see Intent to Deprecate: Deprecate unload event. |
Deprecate getHostEnvironmentValue |
v137-v141 | Deprecate the non-standards-based, Microsoft Edge-only window.external.getHostEnvironmentValue() method, in favor of using the standardized User-Agent Client Hints API to expose browser and platform information. User-Agent Client Hints provide browser and platform information in a more privacy-preserving way. See Detect Windows 11 and CPU architecture using User-Agent Client Hints, and User-Agent Client Hints API. |
| HTTPS policy updates | v136-v139 | The AutomaticHttpsDefault policy is supported but discouraged in v136, and is planned to be removed in v139. Instead, use the new HttpsUpgradesEnabled policy, which is available starting in v136. |
Deprecate Intl.Locale getters |
v136 | The accessor properties of the Intl.Locale object are now deprecated, in favor of the corresponding functions, per specification. See Deprecate Intl.Locale getters, in Microsoft Edge 136 web platform release notes (May 2025). |
Remove navigator.xr.supportsSession method |
v135 | The deprecated navigator.xr.supportsSession property is removed from the WebXR API. See Remove navigator.xr.supportsSession method, in Microsoft Edge 135 web platform release notes (Apr. 2025). |
Remove WebGPU limit maxInterStageShaderComponents |
v135 | The maxInterStageShaderComponents limit is now removed. See Remove WebGPU limit maxInterStageShaderComponents, in Microsoft Edge 135 web platform release notes (Apr. 2025). |
Deprecate -ms-high-contrast and -ms-high-contrast-adjust |
v134-v138 | The CSS -ms-high-contrast media query and the -ms-high-contrast-adjust property are being deprecated, in favor of the standard-based forced colors feature. See Deprecating support for -ms-high-contrast and -ms-high-contrast-adjust. |
WebGPU maxInterStageShaderComponents limit |
v133 | The WebGPU maxInterStageShaderComponents limit is being removed. See Deprecate WebGPU limit maxInterStageShaderComponents. |
<link rel=prefetch> five-minute rule |
v133 | Previously, when a resource was prefetched by using <link rel=prefetch>, its cache semantics (specifically, max-age and no-cache) were ignored for the first use within 5 minutes, to avoid refetching. Now, this special case has been removed, and normal HTTP cache semantics are used. See Remove <link rel=prefetch> five-minute rule. |
Deprecate textprediction attribute |
v133 | Removes support for the textprediction HTML attribute, which is a nonstandard attribute that's used to enable or disable the browser-based Text Prediction feature for long-form text inputs. Instead, use the standardized writingsuggestions attribute, which functions similarly to textprediction, but also applies to other writing-assistance features that browsers may provide. Sites that explicitly set textprediction to true or false can instead set writingsuggestions to the same value. For more information, see Writing suggestions in the HTML specification. |
| Change | Release | Description |
|---|---|---|
| Removal of Token Binding support | v127, v130 | Token Binding uses cryptographic certificates on both ends of the TLS connection in an attempt to close the security gap of bearer tokens, which may be lost or stolen. The enterprise policy AllowTokenBindingsForUrls will no longer be supported, as of v127. Support for the Token Binding protocol will be removed in v130. |
| Removal of mutation events | v127 | Removes support for mutation events in Chromium. Use the MutationObserver API instead. See Intent to Deprecate: Mutation Events. |
| Removal of Web SQL | v124 | Fully removes Web SQL support. In prior releases, Web SQL support was disabled by default but could be re-enabled via the WebSQLAccess policy. After this change, there is no longer any mechanism to enable Web SQL support. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see Intent to Deprecate and Remove Web SQL. |
| Added support for AVIF and AV1 file formats | v121 | Microsoft Edge now supports the AVIF and AV1 file formats, which offer better compression and higher quality images and videos. Users can enjoy faster loading times and better quality media on websites. |
| Removal of Native Client (NaCl) | v120 | To enhance web security and performance, Native Client (NaCl) is no longer supported for Microsoft Edge (along with other browsers). NaCl was supported through v115. In v116 through v119, NaCl was only usable by enabling an enterprise policy. WebAssembly (Wasm) is recommended instead of NaCl; see Run compiled code in an extension. |
Ignore modifications to document.domain by default |
v119 | The document.domain property historically could be set to relax the same-origin policy and allow subdomains from a site to interact. This behavior will be disabled by default, such that setting the document.domain property will have no effect. For more information and workarounds, see Microsoft Edge will disable modifying document.domain. |
| New TLS server certificate verifier | v111 (managed devices), v109 (unmanaged devices) | No site compatibility impacts are anticipated. If you have uncommon TLS server certificate deployments, you should test in v109 to confirm there's no impact. For more information and testing guidance, see Changes to Microsoft Edge browser TLS server certificate verification. |
| Send CORS preflight requests for private network access | v104 | Starting with v104, Microsoft Edge sends a CORS preflight request before a page from the internet is allowed to request resources from a local network (intranet). The intranet server should respond to the preflight by providing explicit permission to access the resource. The result of this check is not yet enforced. Enforcement will begin in v111 at the earliest. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status entry and Chrome Developers blog post. Two compatibility policies are available to suppress the CORS preflight request: InsecurePrivateNetworkRequestAllowed and InsecurePrivateNetworkRequestAllowedForUrls. |
| Block external protocols in sandboxed frames by default | v103 | Blocks the use of external protocols (that interact with non-browser applications) from sandboxed iframes unless permission is explicitly granted by the sandbox attribute on the frame. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status entry. |
| Three-digit version number in the User-Agent string | v100 | Starting with v100, Microsoft Edge will send a three-digit version number in the User-Agent header, such as Edg/100. This may confuse scripts or server-side analytics that use a buggy parser to determine the User-Agent string version number. Starting with v97, site owners can emulate this condition before v100 by enabling the experiment flag #force-major-version-to-100 in edge://flags. |
| Deprecate WebRTC's Plan B SDP semantics | v98 (Chrome+2) | This change is happening in the Chromium project, on which Microsoft Edge is based. This change deprecates a legacy Session Description Protocol (SDP) dialect called Plan B. This SDP format is being replaced by the Unified Plan, which is a spec-compliant and cross-browser compatible SDP format. For more information, see the Chrome Platform Status entry, PSA: Plan B should throw in M96 Beta and Stable, and PSA: Plan B throwing in Stable and Extended Deprecation Trial End Date. The Microsoft rollout schedule for deprecation is planned for two releases after Chrome. Requesting a WebRTC Plan B Reverse Origin Trial Token allows sites to continue to use the deprecated API until v101. |
| Block WebSQL in third-party contexts | v97 | Use of the legacy WebSQL feature will be blocked from third-party frames. An Enterprise policy WebSQLInThirdPartyContextEnabled will be available as an opt-out until v101. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status entry. |
| Block mixed content downloads | v94 | Downloading of files from HTTP URLs will be blocked on HTTPS pages. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Google security blog entry. |
| Restrict private network requests to secure contexts | v94 | Starting with v94, access to resources on local (intranet) networks from pages on the internet requires that those pages be delivered over HTTPS. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status entry. Two compatibility policies are available to support scenarios that need to preserve compatibility with non-secure pages: InsecurePrivateNetworkRequestAllowed and InsecurePrivateNetworkRequestAllowedForUrls. |
| Removal of 3DES in TLS | v93 | Starting with v93, support for the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite will be removed. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status entry. Additionally, in v93, a compatibility policy will be available to support scenarios that need to preserve compatibility with outdated servers. This compatibility policy will become obsolete and stop working in v95. Make sure that you update affected servers before then. |
| Autoupgrade mixed content images | v88 | Non-secure (HTTP) references to images are automatically upgraded to HTTPS. If the image isn't available over HTTPS, the image download fails. A Group Policy is available to control this feature. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status entry. |
| Removal of Adobe Flash | v88 | This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Adobe Flash Chromium Roadmap. |
| Remove FTP support | v88 | Deprecated but still present starting in Beta v87. In v88, FTP support is removed entirely. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the Chrome Platform Status Entry. Enterprises that have sites that still require FTP support can continue to use FTP by configuring the site to use IE mode. |
| HTTP authentication disallowed when third-party cookies are blocked | v87 | Starting with v87, when cookies are blocked for third-party requests, using either the BlockThirdPartyCookies policy or the toggle in edge://settings, HTTP authentication is also disallowed. This change may impact Enterprise Mode Site List downloads for Internet Explorer mode if the endpoint hosting the list requires the use of HTTP authentication. To allow the use of both cookies and HTTP authentication for Enterprise Mode Site List downloads, add a matching URL pattern to the CookiesAllowedForURLs policy. |
| Deprecate AppCache | v86 (Chrome+1) | This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, see the WebDev documentation. The Microsoft rollout schedule for deprecation is planned for one release after Chrome. Requesting an AppCache OriginTrial Token allows sites to continue to use the deprecated API until v90. |
Referrer Policy: Default to strict-origin-when-cross-origin |
v86 (Chrome+1) | Deprecated but still present starting in Canary v79, Dev v79. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, including the planned timeline by Google for this change, see the Chrome Platform Status entry. |
Cookies default to SameSite=Lax and SameSite=None-requires-Secure |
v86 (Chrome+1) | Deprecated but still present starting in Canary v82, Dev v82. This change is happening in the Chromium project, on which Microsoft Edge is based. For more information, including the planned timeline by Google for this change, see the Chrome Platform Status entry. |
| Turn off TLS/1.0 and TLS/1.1 | v84 | Versions 1.0 and 1.1 of the TLS protocol used by HTTPS sites are now obsolete and unavailable in modern browsers. |
| Display subtle prompt for notification permissions requests | v84 | Quiet notification requests display a subtle request icon in the address bar for site notification permissions requested using the Notifications or Push API, replacing the full or standard permission flyout prompt UI. This feature is currently enabled for all users. To opt out of quiet notification requests, see edge://settings/content/notifications. In the future, the Microsoft Edge team may explore re-enabling the full flyout notification prompt in some scenarios. |
Disallow synchronous XmlHttpRequest in page dismissal |
v83 (Chrome+1) | This change is happening in the Chromium project, on which Microsoft Edge is based. Matching Chrome, Microsoft Edge offers a Group Policy to turn off this change until v88. For more information, including the planned timeline by Google for this change, see the Chrome Platform Status entry. |
This article uses the following notation for browser release numbers.
| Notation | Description |
|---|---|
| v123 | The feature or change ships in Microsoft Edge version 123. |
| v123 (Chrome+1) | The feature or change ships in Microsoft Edge version 123, which is one release after the feature or change ships in Chrome version 122. |
| v123 (Chrome+2) | The feature or change ships in Microsoft Edge version 123, which is two releases after the feature or change ships in Chrome version 121. |
| Beta v123 | The feature or change ships in version 123 of the Beta preview channel of Microsoft Edge. |
| Dev v123 | The feature or change ships in version 123 of the Dev preview channel of Microsoft Edge. |
| Canary v123 | The feature or change ships in version 123 of the Canary preview channel of Microsoft Edge. |