Permissions-Policy: ch-ua-high-entropy-values directive

Experimental: This is an experimental technology. Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header ch-ua-high-entropy-values directive controls whether or not the document is permitted to use the NavigatorUAData.getHighEntropyValues() method to retrieve high-entropy user-agent data.

If the permission is not allowed, the method will only return the brands, mobile, and platform low-entropy data.

Syntax

http
Permissions-Policy: ch-ua-high-entropy-values=<allowlist>;
<allowlist>

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for ch-ua-high-entropy-values is *.

Examples

Restricting high-entropy data to specific origins

The following policy would only allow the current origin and two other specific origins to retrieve high-entropy data.

http
Permissions-Policy: ch-ua-high-entropy-values=(self "https://a.example.com" "https://b.example.com")

You could then embed one of the two other origins:

html
<iframe src="https://a.example.com" allow="ch-ua-high-entropy-values"></iframe>
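A deployment check for this header, as an added example that is not part of the original page or of any browser's implementation: it reads the directive's allowlist from a header value and flags items that are not valid, such as the `self` keyword placed inside a quoted string. The function name `auditHighEntropyPolicy` and the sample header values are assumptions made for illustration, and the parsing is deliberately simplified.

```javascript
// Added example: audits one directive of a Permissions-Policy header value.
// Simplified: splits directives on commas and ignores Structured Field parameters.
const FEATURE = "ch-ua-high-entropy-values";

function auditHighEntropyPolicy(headerValue) {
  const result = { allowsAll: false, self: false, origins: [], problems: [] };
  const directive = (headerValue || "")
    .split(",")
    .map((d) => d.trim())
    .find((d) => d.startsWith(FEATURE + "="));
  if (!directive) {
    // No directive: the default allowlist (*) applies to every origin.
    result.allowsAll = true;
    return result;
  }
  const raw = directive.slice(FEATURE.length + 1).trim();
  // Accept both the parenthesised list form and a single bare item.
  const inner = raw.startsWith("(") && raw.endsWith(")") ? raw.slice(1, -1) : raw;
  for (const item of inner.match(/"[^"]*"|[^\s"]+/g) || []) {
    if (item === "*") {
      result.allowsAll = true;
    } else if (item === "self") {
      result.self = true;
    } else if (!item.startsWith('"')) {
      result.problems.push(`origin must be a quoted string: ${item}`);
    } else if (!/^"https?:\/\/[^\s\/"]+"$/.test(item)) {
      // Catches keywords or several values packed into one quoted string.
      result.problems.push(`not a single origin: ${item}`);
    } else {
      result.origins.push(item.slice(1, -1));
    }
  }
  return result;
}

// Constructed sample header values for demonstration.
const samples = [
  'geolocation=()',
  'ch-ua-high-entropy-values=(self "https://a.example.com" "https://b.example.com")',
  'ch-ua-high-entropy-values=("self https://a.example.com" "https://b.example.com")',
];
for (const s of samples) console.log(s, "->", JSON.stringify(auditHighEntropyPolicy(s)));
```

A result with `allowsAll: true` means every origin, including embedded third-party frames, can still request high-entropy data.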

Specifications

This feature does not appear to be defined in any specification.
