diff --git a/index.html b/index.html
index 707590647..55d90738d 100644
--- a/index.html
+++ b/index.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <link rel="icon" type="image/svg+xml" href="/vite.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>OneSignal Dev</title>
+    <title>OneSignal Dev — SDK-4180 Safari VAPID Test</title>
     <style>
       .in-app-notification {
         position: fixed;
@@ -20,63 +20,108 @@
         animation: slideIn 0.3s ease-out;
         font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
       }
-      .in-app-notification h4 {
-        margin: 0 0 8px 0;
-        font-size: 16px;
+      * {
+        box-sizing: border-box;
       }
-      .in-app-notification p {
-        margin: 0;
-        font-size: 14px;
-        opacity: 0.9;
+      body {
+        font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        max-width: 720px;
+        margin: 40px auto;
+        padding: 0 20px;
+        color: #1a1a2e;
       }
-      .in-app-notification .close-btn {
-        position: absolute;
-        top: 8px;
-        right: 12px;
-        background: none;
-        border: none;
-        color: white;
-        font-size: 20px;
-        cursor: pointer;
-        opacity: 0.7;
+      h1 {
+        font-size: 22px;
+        margin-bottom: 4px;
       }
-      .in-app-notification .close-btn:hover {
-        opacity: 1;
+      .subtitle {
+        color: #666;
+        margin-bottom: 24px;
       }
-      @keyframes slideIn {
-        from {
-          transform: translateX(100%);
-          opacity: 0;
-        }
-        to {
-          transform: translateX(0);
-          opacity: 1;
-        }
+      .card {
+        background: #f8f9fa;
+        border: 1px solid #e0e0e0;
+        border-radius: 10px;
+        padding: 20px;
+        margin-bottom: 16px;
       }
-      .demo-section {
-        margin: 20px 0;
-        padding: 16px;
-        background: #f5f5f5;
-        border-radius: 8px;
-      }
-      .demo-section h3 {
+      .card h3 {
         margin-top: 0;
       }
-      .toggle-btn {
+      button {
         padding: 10px 20px;
         font-size: 14px;
         cursor: pointer;
         border: none;
         border-radius: 6px;
-        margin-right: 10px;
+        margin-right: 8px;
+        margin-bottom: 8px;
+      }
+      .btn-primary {
+        background: #e63946;
+        color: white;
+      }
+      .btn-primary:hover {
+        background: #c1121f;
       }
-      .toggle-btn.active {
-        background: #667eea;
+      .btn-secondary {
+        background: #457b9d;
         color: white;
       }
-      .toggle-btn:not(.active) {
-        background: #ddd;
-        color: #333;
+      .btn-secondary:hover {
+        background: #1d3557;
+      }
+      #log {
+        background: #1a1a2e;
+        color: #a8dadc;
+        font-family: 'SF Mono', 'Menlo', 'Monaco', monospace;
+        font-size: 12px;
+        padding: 16px;
+        border-radius: 8px;
+        max-height: 300px;
+        overflow-y: auto;
+        white-space: pre-wrap;
+        word-break: break-all;
+      }
+      #log .error {
+        color: #e63946;
+      }
+      #log .success {
+        color: #2a9d8f;
+      }
+      #log .info {
+        color: #e9c46a;
+      }
+      table {
+        width: 100%;
+        border-collapse: collapse;
+        font-size: 14px;
+      }
+      td {
+        padding: 6px 0;
+      }
+      td:first-child {
+        font-weight: 600;
+        width: 200px;
+      }
+      .tag {
+        display: inline-block;
+        padding: 2px 8px;
+        border-radius: 4px;
+        font-size: 12px;
+        font-weight: 600;
+      }
+      .tag-legacy {
+        background: #ffc9c9;
+        color: #c92a2a;
+      }
+      .tag-vapid {
+        background: #b2f2bb;
+        color: #2b8a3e;
+      }
+      .tag-unknown {
+        background: #e0e0e0;
+        color: #666;
       }
     </style>
     <script>
@@ -86,11 +131,7 @@
 
       window.OneSignalDeferred = window.OneSignalDeferred || [];
       OneSignalDeferred.push(async function (OneSignal) {
-        // for testing consent required
         OneSignal.Debug.setLogLevel('trace');
-        // OneSignal.setConsentRequired(true);
-
-        // for testing, normally this is set on (temporary) in the database client
         OneSignal._isNewVisitor = true;
 
         OneSignal.init({
@@ -99,16 +140,134 @@
           notifyButton: {
             enable: true,
             prenotify: true,
-            showBadgeAfter: 0, // show immediately instead of waiting 300ms
+            showBadgeAfter: 0,
           },
         });
-
-        // OneSignal.setConsentRequired(true);
       });
     </script>
   </head>
   <body>
+    <div class="card">
+      <h3>Browser & Safari Push Info</h3>
+      <table>
+        <tr>
+          <td>User Agent</td>
+          <td id="ua">—</td>
+        </tr>
+        <tr>
+          <td>window.safari exists</td>
+          <td id="safari-exists">—</td>
+        </tr>
+        <tr>
+          <td>Legacy permission state</td>
+          <td id="legacy-perm">—</td>
+        </tr>
+        <tr>
+          <td>Legacy deviceToken</td>
+          <td id="legacy-token">—</td>
+        </tr>
+        <tr>
+          <td>Notification.permission</td>
+          <td id="notif-perm">—</td>
+        </tr>
+        <tr>
+          <td>PushSubscriptionOptions</td>
+          <td id="vapid-support">—</td>
+        </tr>
+        <tr>
+          <td>Expected push path</td>
+          <td id="push-path">—</td>
+        </tr>
+      </table>
+    </div>
+
+    <div class="card">
+      <h3>Actions</h3>
+      <button class="btn-primary" id="request-perm">Request Permission</button>
+      <button class="btn-secondary" id="refresh-info">Refresh Info</button>
+    </div>
+
+    <div class="card">
+      <h3>Log</h3>
+      <div id="log"></div>
+    </div>
+
     <script type="module" src="/src/entries/pageSdkInit.ts" defer></script>
-    <!-- <h1>OneSignal Dev</h1> -->
+    <script>
+      const $ = (id) => document.getElementById(id);
+      const log = (msg, cls = '') => {
+        const el = $('log');
+        const span = document.createElement('span');
+        if (cls) span.className = cls;
+        span.textContent = `[${new Date().toLocaleTimeString()}] ${msg}\n`;
+        el.appendChild(span);
+        el.scrollTop = el.scrollHeight;
+      };
+
+      function refreshInfo() {
+        $('ua').textContent = navigator.userAgent;
+
+        const hasSafari =
+          typeof window.safari !== 'undefined' &&
+          typeof window.safari.pushNotification !== 'undefined';
+        $('safari-exists').textContent = hasSafari ? 'Yes' : 'No';
+
+        if (hasSafari) {
+          try {
+            const safariWebId =
+              OneSignal?.config?.safariWebId ||
+              'web.onesignal.auto.6187ce57-f346-4a86-93e4-7d70d494c000';
+            const perm = window.safari.pushNotification.permission(safariWebId);
+            $('legacy-perm').textContent = perm.permission;
+            $('legacy-token').textContent = perm.deviceToken || '(null)';
+
+            if (perm.permission === 'granted' && perm.deviceToken) {
+              $('push-path').innerHTML =
+                '<span class="tag tag-legacy">Legacy Safari Push</span> (existing subscriber)';
+            } else {
+              $('push-path').innerHTML =
+                '<span class="tag tag-vapid">Standard VAPID Push</span> (new user)';
+            }
+          } catch (e) {
+            $('legacy-perm').textContent = 'Error: ' + e.message;
+            $('legacy-token').textContent = '—';
+          }
+        } else {
+          $('legacy-perm').textContent = 'N/A (not Safari)';
+          $('legacy-token').textContent = 'N/A';
+          const isVapid = typeof PushSubscriptionOptions !== 'undefined';
+          $('push-path').innerHTML = isVapid
+            ? '<span class="tag tag-vapid">Standard VAPID Push</span>'
+            : '<span class="tag tag-unknown">Push not supported</span>';
+        }
+
+        const vapidSupport = typeof PushSubscriptionOptions !== 'undefined';
+        $('vapid-support').textContent = vapidSupport ? 'Supported' : 'Not available';
+        $('notif-perm').textContent =
+          typeof Notification !== 'undefined' ? Notification.permission : 'N/A';
+      }
+
+      $('request-perm').addEventListener('click', async () => {
+        log('Requesting push permission...', 'info');
+        try {
+          await OneSignal.Notifications.requestPermission();
+          log('Permission granted!', 'success');
+        } catch (e) {
+          log('Error: ' + e.message, 'error');
+        }
+        refreshInfo();
+      });
+
+      $('refresh-info').addEventListener('click', refreshInfo);
+
+      window.OneSignalDeferred = window.OneSignalDeferred || [];
+      OneSignalDeferred.push(() => {
+        log('OneSignal initialized', 'success');
+        refreshInfo();
+      });
+
+      // Initial info on page load
+      setTimeout(refreshInfo, 500);
+    </script>
   </body>
 </html>
diff --git a/package.json b/package.json
index 3d7941ee9..c8eb73d05 100644
--- a/package.json
+++ b/package.json
@@ -76,12 +76,12 @@
     },
     {
       "path": "./build/releases/OneSignalSDK.page.es6.js",
-      "limit": "42.22 kB",
+      "limit": "42.28 kB",
       "gzip": true
     },
     {
       "path": "./build/releases/OneSignalSDK.sw.js",
-      "limit": "12.28 kB",
+      "limit": "12.35 kB",
       "gzip": true
     },
     {
diff --git a/src/shared/environment/detect.test.ts b/src/shared/environment/detect.test.ts
index f41c61915..3420ec0fc 100644
--- a/src/shared/environment/detect.test.ts
+++ b/src/shared/environment/detect.test.ts
@@ -1,4 +1,8 @@
-import { describe, expect, test, vi } from 'vite-plus/test';
+import { TestEnvironment } from '__test__/support/environment/TestEnvironment';
+import { beforeEach, describe, expect, test, vi } from 'vite-plus/test';
+
+import { SubscriptionType } from '../subscriptions/constants';
+import { getSubscriptionType, useSafariLegacyPush } from './detect';
 
 let getOneSignalApiUrl: typeof import('src/shared/environment/detect').getOneSignalApiUrl;
 
@@ -7,6 +11,44 @@ const resetModules = async () => {
   getOneSignalApiUrl = (await import('src/shared/environment/detect')).getOneSignalApiUrl;
 };
 
+const FAKE_SAFARI_WEB_ID = 'web.onesignal.auto.017d7a1b-f1ef-4fce-a00c-21a546b5491d';
+
+const mockSafariPushNotification = (
+  permission: 'default' | 'granted' | 'denied',
+  deviceToken: string | null,
+) => {
+  Object.defineProperty(window, 'safari', {
+    value: {
+      pushNotification: {
+        permission: () => ({ permission, deviceToken }),
+      },
+    },
+    writable: true,
+    configurable: true,
+  });
+};
+
+const clearSafariWindow = () => {
+  Object.defineProperty(window, 'safari', {
+    value: undefined,
+    writable: true,
+    configurable: true,
+  });
+};
+
+const mockVapidSupport = () => {
+  window.PushSubscriptionOptions = {
+    prototype: {
+      // @ts-expect-error - we're mocking the PushSubscriptionOptions type
+      applicationServerKey: undefined,
+    },
+  };
+};
+
+const clearVapidSupport = () => {
+  delete (globalThis as any).PushSubscriptionOptions;
+};
+
 describe('Environment Helper', () => {
   test('can get api url ', async () => {
     // staging
@@ -39,3 +81,93 @@ describe('Environment Helper', () => {
     ).toBe('https://onesignal.com/api/v1/');
   });
 });
+
+describe('useSafariLegacyPush', () => {
+  beforeEach(() => {
+    TestEnvironment.initialize();
+    clearSafariWindow();
+    mockVapidSupport();
+  });
+  test('returns false when window.safari is undefined', () => {
+    expect(useSafariLegacyPush()).toBe(false);
+  });
+
+  test('returns false when safari.pushNotification is undefined', () => {
+    Object.defineProperty(window, 'safari', {
+      value: {},
+      writable: true,
+      configurable: true,
+    });
+    expect(useSafariLegacyPush()).toBe(false);
+  });
+
+  test('returns false when safariWebId is not configured', () => {
+    mockSafariPushNotification('granted', 'abc123');
+    OneSignal.config!.safariWebId = undefined;
+    expect(useSafariLegacyPush()).toBe(false);
+  });
+
+  test('returns false when legacy permission is "default" (new user on Safari 16.4+)', () => {
+    mockSafariPushNotification('default', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(useSafariLegacyPush()).toBe(false);
+  });
+
+  test('returns false when legacy permission is "denied"', () => {
+    mockSafariPushNotification('denied', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(useSafariLegacyPush()).toBe(false);
+  });
+
+  test('returns false when permission is "granted" but deviceToken is null', () => {
+    mockSafariPushNotification('granted', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(useSafariLegacyPush()).toBe(false);
+  });
+
+  test('returns true when user has an active legacy subscription', () => {
+    mockSafariPushNotification('granted', 'aabbccdd11223344');
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(useSafariLegacyPush()).toBe(true);
+  });
+
+  test('returns true on Safari < 16.4 (no VAPID support) even for new users', () => {
+    clearVapidSupport();
+    mockSafariPushNotification('default', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(useSafariLegacyPush()).toBe(true);
+  });
+});
+
+describe('getSubscriptionType', () => {
+  beforeEach(() => {
+    TestEnvironment.initialize();
+    clearSafariWindow();
+    mockVapidSupport();
+  });
+
+  test('returns SafariLegacyPush for existing legacy Safari subscribers', () => {
+    mockSafariPushNotification('granted', 'aabbccdd11223344');
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(getSubscriptionType()).toBe(SubscriptionType._SafariLegacyPush);
+  });
+
+  test('returns SafariPush (VAPID) for new Safari users on Safari 16.4+', () => {
+    mockSafariPushNotification('default', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(getSubscriptionType()).not.toBe(SubscriptionType._SafariLegacyPush);
+  });
+
+  test('does not return SafariLegacyPush when safari window exists but no legacy subscription', () => {
+    mockSafariPushNotification('denied', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(getSubscriptionType()).not.toBe(SubscriptionType._SafariLegacyPush);
+  });
+
+  test('returns SafariLegacyPush on Safari < 16.4 (no VAPID support)', () => {
+    clearVapidSupport();
+    mockSafariPushNotification('default', null);
+    OneSignal.config!.safariWebId = FAKE_SAFARI_WEB_ID;
+    expect(getSubscriptionType()).toBe(SubscriptionType._SafariLegacyPush);
+  });
+});
diff --git a/src/shared/environment/detect.ts b/src/shared/environment/detect.ts
index 16aee3cd9..af73332e8 100644
--- a/src/shared/environment/detect.ts
+++ b/src/shared/environment/detect.ts
@@ -19,8 +19,33 @@ export const supportsServiceWorkers = () => {
 
 export const windowEnvString = IS_SERVICE_WORKER ? 'Service Worker' : 'Browser';
 
-export const useSafariLegacyPush = () =>
-  isBrowser() && window.safari?.pushNotification != undefined;
+/**
+ * Returns true when the legacy Safari push path should be used.
+ *
+ * Safari 16.4+ supports standard Web Push (VAPID), but `window.safari.pushNotification`
+ * was never removed. Previously this function returned true whenever that API existed,
+ * which forced ALL macOS Safari users onto the legacy path — even on browsers that
+ * fully support VAPID. Now we check the actual permission state: only users who have
+ * already granted legacy push (and have a deviceToken) stay on the legacy path, because
+ * Safari doesn't support migrating from legacy push to standard web push.
+ *
+ * On Safari < 16.4, VAPID is not available so the legacy path is the only option.
+ */
+export const useSafariLegacyPush = (): boolean => {
+  if (!isBrowser() || window.safari?.pushNotification == undefined) {
+    return false;
+  }
+  const safariWebId = OneSignal?.config?.safariWebId;
+  if (!safariWebId) return false;
+
+  const hasVapidSupport =
+    typeof PushSubscriptionOptions !== 'undefined' &&
+    PushSubscriptionOptions.prototype.hasOwnProperty('applicationServerKey');
+  if (!hasVapidSupport) return true;
+
+  const { permission, deviceToken } = window.safari.pushNotification.permission(safariWebId);
+  return permission === 'granted' && deviceToken != null;
+};
 
 export const supportsVapidPush =
   typeof PushSubscriptionOptions !== 'undefined' &&
diff --git a/vite.config.ts b/vite.config.ts
index 0a4e09467..874910ff8 100644
--- a/vite.config.ts
+++ b/vite.config.ts
@@ -150,10 +150,9 @@ export default defineConfig({
   server: {
     open: true,
     port: 4000,
-    https: {
-      cert: './certs/cert.pem',
-      key: './certs/dev.pem',
-    },
+    https: getBooleanEnv(process.env.HTTPS)
+      ? { cert: './certs/cert.pem', key: './certs/dev.pem' }
+      : {},
   },
   test: {
     clearMocks: true,

User Agent	—
window.safari exists	—
Legacy permission state	—
Legacy deviceToken	—
Notification.permission	—
PushSubscriptionOptions	—
Expected push path	—