Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.
window.credentialless read-only property returns a boolean that indicates whether the current document was loaded inside a credentialless
<iframe>, meaning that it is loaded in a new, ephemeral context.
This context doesn't have access to the network, cookies, and storage data associated with its origin. It uses a new context local to the top-level document lifetime. In return, the
Cross-Origin-Embedder-Policy (COEP) embedding rules can be lifted, so documents with COEP set can embed third-party documents that do not.
See IFrame credentialless for a deeper explanation.
A boolean. A value of
true indicates that the document was loaded inside a credentialless
false indicates that it was not.
You can specify a credentialless
<iframe> like so:
<iframe src="https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)" title="Spectre vulnerability Wikipedia page" width="960" height="600" credentialless>
In supporting browsers, if the document loaded in the
<iframe> were to run the following line, it would return
No specification found
No specification data found for
Check for problems with this page or contribute a missing
spec_url to mdn/browser-compat-data. Also make sure the specification is included in w3c/browser-specs.
BCD tables only load in the browser