Feature-Policy
The HTTP Feature-Policy header provides a mechanism to allow and deny the use of browser features in its own frame, and in iframes that it embeds.
For more information, see the main Feature Policy article.
Syntax
Feature-Policy: <directive> <allowlist>
- <allowlist>
-
An allowlist is a list of origins that takes one or more of the following values:
-
*: The feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin. -
'self': The feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin. -
'src': (In an iframe allow attribute only) The feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the URL in the iframe's src attribute. -
'none': The feature is disabled in top-level and nested browsing contexts. - <origin(s)>: The feature is allowed for specific origins (for example, https://example.com). Origins should be separated by a space.
The values * (enable for all origins) or 'none' (disable for all origins) may only be used alone, while 'self' and 'src' may be used with one or more origins.
Features are each defined to have a default allowlist, which is one of:
-
*: The feature is allowed by default in top-level browsing contexts and all nested browsing contexts (iframes). -
'self': The feature is allowed by default in top-level browsing contexts and in nested browsing contexts (iframes) in the same origin. The feature is not allowed in cross-origin documents in nested browsing contexts. -
'none': The feature is disabled in top-level and nested browsing contexts.
Directives
autoplay- Controls whether the current document is allowed to autoplay media requested through the
HTMLMediaElement interface. When this policy is enabled and there were no user gestures, the Promise returned by HTMLMediaElement.play() will reject with a DOMException. The autoplay attribute on <audio> and <video> elements will be ignored. camera- Controls whether the current document is allowed to use video input devices. When this policy is enabled, the
Promise returned by MediaDevices.getUserMedia() will reject with a NotAllowedError. document-domain- Controls whether the current document is allowed to set
document.domain. When this policy is enabled, attempting to set document.domain will fail and cause a SecurityError DOMException to be be thrown. encrypted-media- Controls whether the current document is allowed to use the Encrypted Media Extensions API (EME). When this policy is enabled, the
Promise returned by Navigator.requestMediaKeySystemAccess() will reject with a DOMException. fullscreen- Controls whether the current document is allowed to use
Element.requestFullScreen(). When this policy is enabled, the returned Promise rejects with a TypeError. geolocation- Controls whether the current document is allowed to use the
Geolocation Interface. When this policy is enabled, calls to getCurrentPosition() and watchPosition() will cause those functions' callbacks to be invoked with a PositionError code of PERMISSION_DENIED. microphone- Controls whether the current document is allowed to use audio input devices. When this policy is enabled, the
Promise returned by MediaDevices.getUserMedia() will reject with a NotAllowedError. midi- Controls whether the current document is allowed to use the Web MIDI API. When this policy is enabled, the
Promise returned by Navigator.requestMIDIAccess() will reject with a DOMException. payment- Controls whether the current document is allowed to use the Payment Request API. When this policy is enabled, the
PaymentRequest() constructor will throw a SecurityError. vr- Controls whether the current document is allowed to use the WebVR API. When this policy is enabled, the
Promise returned by Navigator.getVRDisplays() will reject with a DOMException.
Example
SecureCorp Inc. wants to disable Vibration and Geolocation APIs in their application. It can do so by delivering the following HTTP response header to define a feature policy:
Feature-Policy: vibrate 'none'; geolocation 'none'
By specifying the 'none' keyword for the origin list, the specified features will be disabled for all browsing contexts, regardless of their origin.
Specifications
|
Desktop |
|
Chrome |
Edge |
Firefox |
Internet Explorer |
Opera |
Safari |
| Basic support
|
60 |
No |
No |
No |
47 |
No |
accelerometer
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
ambient-light-sensor
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
autoplay
|
64 |
No |
No |
No |
51 |
No |
camera
|
59 |
No |
No |
No |
48 |
No |
encrypted-media
|
59 |
No |
No |
No |
48 |
No |
fullscreen
|
57 |
No |
No |
No |
46 |
No |
geolocation
|
56 |
No |
No |
No |
45 |
No |
gyroscope
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
layout-animations
|
No |
No |
No |
No |
No |
No |
legacy-image-formats
|
68 Disabled
- 68
Disabled
- Disabled From version 68: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
55 Disabled
- 55
Disabled
- Disabled From version 55: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
magnetometer
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
maximum-downscaling-image
|
68 Disabled
- 68
Disabled
- Disabled From version 68: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
55 Disabled
- 55
Disabled
- Disabled From version 55: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
microphone
|
59 |
No |
No |
No |
48 |
No |
midi
|
56 |
No |
No |
No |
45 |
No |
payment
|
56 |
No |
No |
No |
45 |
No |
picture-in-picture
|
No |
No |
No |
No |
No |
No |
speaker
|
59 |
No |
No |
No |
48 |
No |
sync-xhr
|
65 Disabled
- 65
Disabled
- Disabled From version 65: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
52 Disabled
- 52
Disabled
- Disabled From version 52: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
unsized-media
|
66 Disabled
- 66
Disabled
- Disabled From version 66: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
No |
53 Disabled
- 53
Disabled
- Disabled From version 53: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
usb
|
60 |
No |
No |
No |
47 |
No |
vibrate
|
56 |
No |
No |
No |
43 |
No |
vr
|
62 |
No |
No |
No |
49 |
No |
|
Mobile |
|
Android webview |
Chrome for Android |
Edge Mobile |
Firefox for Android |
Opera for Android |
iOS Safari |
Samsung Internet |
| Basic support
|
60 |
60 |
No |
No |
47 |
No |
No |
accelerometer
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
ambient-light-sensor
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
autoplay
|
64 |
64 |
No |
No |
51 |
No |
No |
camera
|
59 |
59 |
No |
No |
48 |
No |
No |
encrypted-media
|
59 |
59 |
No |
No |
48 |
No |
No |
fullscreen
|
57 |
57 |
No |
No |
46 |
No |
No |
geolocation
|
56 |
56 |
No |
No |
45 |
No |
No |
gyroscope
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
layout-animations
|
No |
No |
No |
No |
No |
No |
No |
legacy-image-formats
|
68 Disabled
- 68
Disabled
- Disabled From version 68: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
68 Disabled
- 68
Disabled
- Disabled From version 68: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
55 Disabled
- 55
Disabled
- Disabled From version 55: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
magnetometer
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
69 Disabled
- 69
Disabled
- Disabled From version 69: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
56 Disabled
- 56
Disabled
- Disabled From version 56: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
maximum-downscaling-image
|
68 Disabled
- 68
Disabled
- Disabled From version 68: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
68 Disabled
- 68
Disabled
- Disabled From version 68: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
55 Disabled
- 55
Disabled
- Disabled From version 55: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
microphone
|
59 |
59 |
No |
No |
48 |
No |
No |
midi
|
56 |
56 |
No |
No |
45 |
No |
No |
payment
|
56 |
56 |
No |
No |
45 |
No |
No |
picture-in-picture
|
No |
No |
No |
No |
No |
No |
No |
speaker
|
59 |
59 |
No |
No |
48 |
No |
No |
sync-xhr
|
65 Disabled
- 65
Disabled
- Disabled From version 65: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
65 Disabled
- 65
Disabled
- Disabled From version 65: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
52 Disabled
- 52
Disabled
- Disabled From version 52: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
unsized-media
|
66 Disabled
- 66
Disabled
- Disabled From version 66: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
66 Disabled
- 66
Disabled
- Disabled From version 66: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled). To change preferences in Chrome, visit chrome://flags.
|
No |
No |
53 Disabled
- 53
Disabled
- Disabled From version 53: this feature is behind the
#enable-experimental-productivity-features preference (needs to be set to Enabled).
|
No |
No |
usb
|
60 |
60 |
No |
No |
47 |
No |
No |
vibrate
|
56 |
56 |
No |
No |
43 |
No |
No |
vr
|
62 |
62 |
No |
No |
49 |
No |
No |
See also