So far I haven't come up with many substantial improvements, but I do have a starter list in no particular order.
[Updated list based on Jeremiah's recommendations]
- IE8 removed CSS expressions support
- Rails now does output escaping by default?
- The new STS header.
- Firefox checks for updates to plugins
- Mozilla Content Security Policy (CSP)
- Microsoft IE8 X-Frame-Options anti-framing header
Your recommendations welcomed.