Skip to content

http.headers.Content-Security-Policy - strict-dynamic works on Firefox for Android #29228

New issue
New issue
Open
Open
http.headers.Content-Security-Policy - strict-dynamic works on Firefox for Android#29228
Labels
data:httpCompat data for HTTP features. https://developer.mozilla.org/docs/Web/HTTPneeds triageThis issue needs to be confirmed
@Schlaumra

Description

@Schlaumra
Schlaumra
opened on Mar 11, 2026

What type of issue is this?

Incorrect support data (example: BrowserX says "86" but support was added in "40")

What information was incorrect, unhelpful, or incomplete?

Firefox for Android supports the strict-dynamic source value.

I tried to pin down a commit on https://hg-edge.mozilla.org/mozilla-central/log/ but did not found any. I suspect it lies in the core shared by all versions of Firefox.

What browsers does this problem apply to, if applicable?

Firefox

What did you expect to see?

Supported by Firefox Android

Did you test this? If so, how?

I tested a CSP directive with nonce and strict-dynamic enabled, loading a third party library which injects JS code. No blocking detected. Checked with debugger.

Can you link to any release notes, bugs, pull requests, or MDN pages related to this?

No response

Do you have anything more you want to share?

Maybe I'm missing something obvious.

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy

MDN metadata

MDN page report details
  • Query: http.headers.Content-Security-Policy
  • Report started: 2026-03-11T08:49:43.217Z

Metadata

Metadata

Assignees

No one assigned

    Labels

    data:httpCompat data for HTTP features. https://developer.mozilla.org/docs/Web/HTTPneeds triageThis issue needs to be confirmed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions