Support by various browsers for various HTTP security headers

See http://www.ibuildings.com/blog/2013/03/4-http-security-headers-you-should-always-be-using.

There's already a separate thread for one of the four security headers mentioned in the above article: Support by various browsers for HTTP Strict Transport Security (HSTS).

Test a website's headers for security features.

 

Browser support for security features.

 

It says "Content-Security-Policy" fails for Chromium, while my experience is that it works (HTTPSB uses this for preventing inline javascript).

I looked into all the headers received when running the test, and nowhere did I see an instance of the header "Content-Security-Policy". So far it looks like the test failed because they actually didn't use the "Content-Security-Policy" header to test the Content Security Policy header... (Firefox "failed" too.)