The Website Specification — Changelog

New page on CSS anchor positioning

Wed, 24 Jun 2026 00:00:00 GMT

Added a page on CSS anchor positioning — the anchor-name, position-anchor, and position-area mechanism (CSS Anchor Positioning Module Level 1) that tethers tooltips, menus, and popovers to their trigger with no JavaScript, working across overflow and stacking boundaries. It became Baseline newly available in early 2026 and pairs with the Popover API.

New page on Trusted Types

Tue, 23 Jun 2026 00:00:00 GMT

Added a page on Trusted Types — the browser mechanism that makes DOM injection sinks like innerHTML reject plain strings and demand a vetted typed value, switched on with the require-trusted-types-for and trusted-types CSP directives. It reached Baseline in February 2026 and closes the DOM-based XSS gap that a nonce-based CSP leaves open.

New page on Clear-Site-Data

Mon, 22 Jun 2026 00:00:00 GMT

Added a page on Clear-Site-Data — the response header that tells the browser to wipe cookies, storage, and caches for your origin. It pairs with cookie attributes: set the attributes right while a session lives, then clear everything in one header on sign-out.

New page on forced colours mode

Mon, 22 Jun 2026 00:00:00 GMT

Added a page on forced colours mode — the forced-colors media feature (CSS Media Queries Level 5) that signals when Windows High Contrast and similar palettes are active. It sits alongside colour contrast and color-scheme: use system colour keywords to repair boundaries the user’s palette flattens, without overriding their choice.

New page on HTTP/1.1 workarounds to avoid

Sat, 20 Jun 2026 00:00:00 GMT

Added an avoid page on HTTP/1.1 workarounds — sharding, sprites, and bundling. Domain sharding and image sprites were ways round HTTP/1.1’s six-connection-per-origin limit and now fight a multiplexed HTTP/2 / HTTP/3 connection — drop them. Bundling is the nuanced case: stop concatenating to cut requests, but do it to cut bytes (compression favours larger inputs) — inline what blocks paint, concatenate what compresses, split what changes. With thanks to Jono.

New page on Agentic Resource Discovery (ARD)

Fri, 19 Jun 2026 00:00:00 GMT

Added a page on Agentic Resource Discovery (ARD), the new Linux Foundation / Google draft that lets a domain publish an AI Catalog at /.well-known/ai-catalog.json listing the agent capabilities it offers. The site now ships it as a worked example: our catalog lists the MCP server and A2A agent, advertised through a Link header, a link rel, a robots.txt Agentmap: directive, and DNS.

New page on Open Knowledge Format (OKF) bundles

Fri, 19 Jun 2026 00:00:00 GMT

Added a page on the Open Knowledge Format (OKF) bundle, a convention for packaging a whole knowledge base as a tree of typed Markdown concept files an agent can ingest in one fetch. The site now ships it as a worked example: the spec is generated into a browsable bundle at /okf/ and a single /okf.tar.gz, advertised through our AI Catalog — which now lists the OKF bundle and the Agent Skill alongside the MCP server and A2A agent — and through /llms.txt.

Redundant entry (WCAG 2.2 SC 3.3.7)

Thu, 18 Jun 2026 00:00:00 GMT

Added a page on redundant entry, WCAG 2.2 Success Criterion 3.3.7 (Level A): information a user already entered earlier in the same process must be auto-populated or selectable, not typed again. It covers the essential, security, and expired exceptions and the carry-forward and autocomplete patterns that satisfy it.

New page on the Server-Timing header

Thu, 18 Jun 2026 00:00:00 GMT

Added a page on the Server-Timing header, which surfaces backend metrics — database time, cache hits, edge processing — in browser DevTools and to real-user monitoring via the PerformanceServerTiming API. The site now ships it as a worked example: every response carries an edge timing metric measured in the Cloudflare Pages middleware.

New page on the translate attribute

Thu, 18 Jun 2026 00:00:00 GMT

Added a page on the translate attribute, which marks content that automatic translation systems must leave alone — brand names, code, and identifiers. It complements the lang attribute: lang declares what language content is in, while translate="no" keeps Google Translate and the browser’s built-in translation from mangling terms that have no localised form.

Added a page on accessible authentication

Wed, 17 Jun 2026 00:00:00 GMT

New Accessibility topic on accessible authentication — WCAG 2.2 added success criteria 3.3.8 and 3.3.9, which forbid making people pass a cognitive function test (recalling a password, transcribing a code, solving a puzzle) to log in unless an accessible alternative exists. The page covers supporting password managers, allowing paste, autocomplete="one-time-code", and passkeys; status: recommended.

MDN's MCP server cited on the MCP page

Wed, 17 Jun 2026 00:00:00 GMT

The MCP and tool discovery page now points to MDN’s 2026 MCP server as a real-world example of a reference site exposing its documentation and Baseline browser-compatibility data over the protocol — reinforcing that a structured, queryable corpus is the case where shipping an MCP server earns its keep.

Added a page on the Reporting API (Reporting-Endpoints)

Tue, 16 Jun 2026 00:00:00 GMT

New Security topic on the Reporting API — the Reporting-Endpoints response header that names collectors for the browser’s structured reports: CSP and COOP violations, permissions-policy breaches, deprecations, interventions, and crashes. It supersedes the legacy Report-To header and report-uri directive. The site now ships the header and a collector, closing a ship-it-before-you-spec-it gap; status: recommended.

Added a page on cross-origin isolation (COOP / COEP / CORP)

Thu, 11 Jun 2026 00:00:00 GMT

New Security topic on cross-origin isolation — the Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy response headers that sever risky cross-window links (tabnabbing, XS-Leaks) and keep your resources out of an attacker’s process (Spectre). The site already ships COOP and CORP on every response, so this closes a ship-it-before-you-spec-it gap; status: recommended.

Added a page on Compression Dictionary Transport

Wed, 10 Jun 2026 00:00:00 GMT

New Performance topic on Compression Dictionary Transport (RFC 9842) — reusing a previously served response, or a dedicated dictionary, as a Brotli/Zstandard dictionary so updated assets compress to a fraction of their size. Pure progressive enhancement over ordinary compression; status: optional.

FAQ rich results retired by Google

Wed, 10 Jun 2026 00:00:00 GMT

Updated Structured data to reflect that Google retired the FAQ rich result in 2026. FAQPage is still valid schema.org vocabulary, but it no longer produces a search feature and no answer engine has confirmed it favours the markup over rendered HTML — so add it only for genuine, visible Q-and-A content, never for SERP or “GEO” gain.

Added a page on conditional requests

Tue, 09 Jun 2026 00:00:00 GMT

New Performance topic on conditional requests — how ETag, Last-Modified and 304 Not Modified responses let browsers and agents revalidate cached responses cheaply instead of re-downloading unchanged bodies. Status: recommended.

Six new topics across six categories

Mon, 08 Jun 2026 00:00:00 GMT

A batch of new pages landed: Mobile-friendly form inputs, dynamic viewport units, graceful degradation when JavaScript fails, mixed content and upgrade-insecure-requests, server-side rendering, and /.well-known/webauthn for Related Origin Requests.

The Website Specification, v0.1

Fri, 29 May 2026 00:00:00 GMT

First public version: a platform-agnostic specification of what a good website does, spanning Foundations, SEO, Accessibility, Security, Well-Known URIs, Agent Readiness, Performance, Privacy, Resilience and Internationalisation. Every topic is tagged required, recommended, optional or avoid, and cited from primary sources. Available as HTML, Markdown, a checklist, llms.txt, RSS, and an MCP server.