mdn · bsmth · Mar 21, 2025 · Mar 19, 2025 · Mar 21, 2025
@@ -19,7 +19,7 @@ A successful {{domxref("CredentialsContainer.get", "navigator.credentials.get()"
 
 _Inherits properties from its ancestor, {{domxref("Credential")}}._
 
-- {{domxref("IdentityCredential.isAutoSelected")}} {{ReadOnlyInline}} {{experimental_inline}} {{non-standard_inline}}
+- {{domxref("IdentityCredential.isAutoSelected")}} {{ReadOnlyInline}} {{experimental_inline}}
   - : A boolean value that indicates whether the federated sign-in was carried out using [auto-reauthentication](/en-US/docs/Web/API/FedCM_API/RP_sign-in#auto-reauthentication) (i.e. without user mediation) or not.
 - {{domxref("IdentityCredential.token")}} {{experimental_inline}}
   - : Returns the token used to validate the associated sign-in.

@@ -5,11 +5,10 @@ slug: Web/API/IdentityCredential/isAutoSelected
 page-type: web-api-instance-property
 status:
   - experimental
-  - non-standard
 browser-compat: api.IdentityCredential.isAutoSelected
 ---
 
-{{securecontext_header}}{{APIRef("FedCM API")}}{{SeeCompatTable}}{{non-standard_header}}
+{{securecontext_header}}{{APIRef("FedCM API")}}{{SeeCompatTable}}
 
 The **`isAutoSelected`** read-only property of the {{domxref("IdentityCredential")}} interface indicates whether the federated sign-in flow was carried out using [auto-reauthentication](/en-US/docs/Web/API/FedCM_API/RP_sign-in#auto-reauthentication) (i.e. without user mediation) or not.
 

@@ -159,9 +159,9 @@ Reporting directives control the destination URL for CSP violation reports in `C
 
 ### Other directives
 
-- {{CSP("require-trusted-types-for")}} {{experimental_inline}}
+- {{CSP("require-trusted-types-for")}}
   - : Enforces [Trusted Types](/en-US/docs/Web/API/Trusted_Types_API) at the DOM XSS injection sinks.
-- {{CSP("trusted-types")}} {{experimental_inline}}
+- {{CSP("trusted-types")}}
   - : Used to specify an allowlist of [Trusted Types](/en-US/docs/Web/API/Trusted_Types_API) policies.
     Trusted Types allows applications to lock down DOM XSS injection sinks to only accept non-spoofable, typed values in place of strings.
 - {{CSP("upgrade-insecure-requests")}}

@@ -2,14 +2,12 @@
 title: "CSP: require-trusted-types-for"
 slug: Web/HTTP/Reference/Headers/Content-Security-Policy/require-trusted-types-for
 page-type: http-csp-directive
-status:
-  - experimental
 browser-compat: http.headers.Content-Security-Policy.require-trusted-types-for
 ---
 
-{{HTTPSidebar}}{{SeeCompatTable}}
+{{HTTPSidebar}}
 
-The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`require-trusted-types-for`** {{experimental_inline}} directive instructs user agents to control the data passed to DOM XSS sink functions, like {{DOMxRef("Element.innerHTML")}} setter.
+The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`require-trusted-types-for`** directive instructs user agents to control the data passed to DOM XSS sink functions, like {{DOMxRef("Element.innerHTML")}} setter.
 
 When used, those functions only accept non-spoofable, typed values created by Trusted Type policies, and reject strings. Together with **[`trusted-types`](/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/trusted-types)** directive, which guards creation of Trusted Type policies, this allows authors to define rules guarding writing values to the DOM and thus reducing the DOM XSS attack surface to small, isolated parts of the web application codebase, facilitating their monitoring and code review.
 

@@ -2,14 +2,12 @@
 title: "CSP: trusted-types"
 slug: Web/HTTP/Reference/Headers/Content-Security-Policy/trusted-types
 page-type: http-csp-directive
-status:
-  - experimental
 browser-compat: http.headers.Content-Security-Policy.trusted-types
 ---
 
-{{HTTPSidebar}}{{SeeCompatTable}}
+{{HTTPSidebar}}
 
-The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`trusted-types`** {{experimental_inline}} directive instructs user agents to restrict the creation of Trusted Types policies - functions that build non-spoofable, typed values intended to be passed to DOM XSS sinks in place of strings.
+The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`trusted-types`** directive instructs user agents to restrict the creation of Trusted Types policies - functions that build non-spoofable, typed values intended to be passed to DOM XSS sinks in place of strings.
 
 Together with **[`require-trusted-types-for`](/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/require-trusted-types-for)** directive, this allows authors to define rules guarding writing values to the DOM and thus reducing the DOM XSS attack surface to small, isolated parts of the web application codebase, facilitating their monitoring and code review. This directive declares an allowlist of trusted type policy names created with `trustedTypes.createPolicy` from Trusted Types API.