Merge pull request #3418 from MicrosoftDocs/user/pabrosse/https-policies

captainbrosset · web-flow · commit ad854256fb7b · 2025-04-01T08:06:51.000Z
Deprecate AutomaticHttpsDefault in "Site compatibility changes"
diff --git a/microsoft-edge/web-platform/site-impacting-changes.md b/microsoft-edge/web-platform/site-impacting-changes.md
@@ -5,7 +5,7 @@ author: MSEdgeTeam
 ms.author: msedgedevrel
 ms.topic: conceptual
 ms.service: microsoft-edge
-ms.date: 02/27/2025
+ms.date: 03/31/2025
 ---
 # Site compatibility-impacting changes coming to Microsoft Edge
 
@@ -37,6 +37,7 @@ This table lists high-impact changes which the Microsoft Edge team is tracking c
 | Insecure downloads over HTTP | Future release (TBD) | When a user tries to download potentially dangerous content from an HTTP site, the user will receive a UI warning, such as "Insecure download blocked."  The user will still have an option to proceed and download the item.  Admins can use the `InsecureContentAllowedForUrls` policy to specify HTTP sites for which the warning will be suppressed.  Admins can use the `InsecureDownloadWarnings` feature flag to test the impact of this upcoming feature. |
 | Deprecate unload event | Future release (TBD) | Introduces a new Permission-Policy to allow creating unload event listeners. The default policy is `allow`, but the default policy will gradually be migrated to `deny`, such that unload handlers stop firing on pages, unless a page explicitly opts in to re-enable them.  This change is happening in the Chromium project, on which Microsoft Edge is based.  For more information, see [Intent to Deprecate: Deprecate unload event](https://groups.google.com/a/chromium.org/g/blink-dev/c/dvusqw9-IhI/m/SBkm_u1RAQAJ). |
 | Deprecate `getHostEnvironmentValue` | v137-v141 | Deprecate the non-standards-based, Microsoft Edge-only `window.external.getHostEnvironmentValue()` method, in favor of using the standardized User-Agent Client Hints API to expose browser and platform information.  User-Agent Client Hints provide browser and platform information in a more privacy-preserving way.  See [Detect Windows 11 and CPU architecture using User-Agent Client Hints](./how-to-detect-win11.md), and [User-Agent Client Hints API](https://developer.mozilla.org/docs/Web/API/User-Agent_Client_Hints_API). |
+| HTTPS policy updates | v136-v139 | The `AutomaticHttpsDefault` policy is supported but discouraged in v136, and is planned to be removed in v139.  Instead, use the new `HttpsUpgradesEnabled`<!-- todo: link --> policy, which is available starting in v136. |
 | Deprecate `Intl.Locale` getters | v135 | The accessor properties of the `Intl.Locale` object are now deprecated, in favor of the corresponding functions, per specification. See [Deprecate `Intl.Locale` getters](./release-notes/135.md#deprecate-intllocale-getters), in _Microsoft Edge 135 web platform release notes (Apr. 2025)_. |
 | Remove `navigator.xr.supportsSession` method | v135 | The deprecated `navigator.xr.supportsSession` property is removed from the WebXR API. See [Remove `navigator.xr.supportsSession` method](./release-notes/135.md#remove-navigatorxrsupportssession-method), in _Microsoft Edge 135 web platform release notes (Apr. 2025)_. |
 | Remove WebGPU limit `maxInterStageShaderComponents` | v135 | The `maxInterStageShaderComponents` limit is now removed. See [Remove WebGPU limit `maxInterStageShaderComponents`](./release-notes/135.md#remove-webgpu-limit-maxinterstageshadercomponents), in _Microsoft Edge 135 web platform release notes (Apr. 2025)_. |
