- We reject responses with negative Content-Length; Chrome accepts them and ignores the Content-Length (apparently).
- Chrome implements TLS False Start; we do not
- Chrome does heuristic cache validation for resources with query strings in their URI; we do not.
- MSIE requires that a successful connection to the server be made before it will use an HTTPS cache entry; we do not. I don't know what Chrome does here.
- Our SSL CA certificate database is basically a subset of Windows' and Mac OS X's, so our users are probably more likely to encounter certificate error pages unnecessarily.
- I have heard that different browsers are handling DNS pinning in different ways, but I haven't investigated it yet.
- MSIE implements TLS 1.1 and TLS 1.2, but we do not.
- Safari (on iPhone only?) implements an often-effective (but not always-effective) captive portal detection mechanism. Windows also implements a captive portal detection mechanism (that we should probably integrate with, if possible). We do not have any effective captive portal detection.
- Other browsers implement persistent OCSP caches, but we do not (for various reasons).
- Other browsers have more robust certificate chain processing; ours gets confused in some common situations.
- Chrome implements origin-bound cookies and channel-bound cookies; no other browsers do, but at least the concept seems like a good idea.