1. Cross-Origin Resource Sharing

    Method of performing XMLHttpRequests across domains

  2. DNSSEC and DANE

    Method of validating a DNS response against a trusted root server. Mitigates various attacks that could reroute a user to a fake site while showing the real URL for the original site.

  3. HTML5 semantic elements

    HTML5 offers some new elements, primarily for semantic purposes. The elements include: `section`, `article`, `aside`, `header`, `footer`, `nav`, `figure`, `figcaption`, `time`, `mark` & `main`.

  4. KeyboardEvent.location

    A `KeyboardEvent` property that indicates the location of the key on the input device. Useful when there are more than one physical key for the same logical key (e.g. left or right "Control" key; main or numpad "1" key).

  5. Resource Hints: preconnect

    Gives a hint to the browser to begin the connection handshake (DNS, TCP, TLS) in the background to improve performance. This is indicated using `<link rel="preconnect" href="https://example-domain.com/">`

  6. CSS3 object-fit/object-position

    Method of specifying how an object (image or video) should fit inside its box. object-fit options include "contain" (fit according to aspect ratio), "fill" (stretches object to fill) and "cover" (overflows box but maintains ratio), where object-position allows the object to be repositioned like background-image does.

  7. 'SameSite' cookie attribute

    Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

  8. Shadow DOM (V1)

    Method of establishing and maintaining functional boundaries between DOM trees and how these trees interact with each other within a document, thus enabling better functional encapsulation within the DOM & CSS.

  9. Cross-document messaging

    Method of sending information from a page on one domain to a page on a different one (using postMessage)

  10. analysernode api: getbytetimedomaindata

  11. analysernode api: getfloattimedomaindata

  12. document api: domain

  13. idledeadline api: timeremaining

  14. performanceresourcetiming api: domainlookupend

  15. performanceresourcetiming api: domainlookupstart

  16. performancetiming api: domainlookupend

  17. performancetiming api: domainlookupstart

  18. html element: main

  19. headers http header: feature-policy: document-domain

  20. headers http header: permissions-policy: document-domain

  21. javascript operator: remainder (`%`)

  22. javascript operator: remainder assignment (`x %= y`)