Features restricted to secure contexts

This reference lists the web platform features available only in secure contexts — see Secure Contexts for a definition and more details.

Current features available only in secure contexts

This section lists all the APIs available only in secure contexts, along with browser versions the limitation was introduced in, as appropriate.

Note: Only the browsers that actually support secure contexts are listed in this document. See here for information on secure contexts support.

API Chrome/Opera Edge Safari Firefox
Service Workers 40 17 11.1 44 (44)
Push API 42 17 No support 44 (44)
Payment Request API (and Basic Card Payment). 61 15 11.1 In development (behind the dom.payments.request.enabled pref).
Credential Management API 51 No support No support No support
Web Authentication API 65 In preview (17) In development 60 (60)
Storage API 55 No support No support 51 (51)
Async Clipboard API 66 No support No support 63 (63)
Background Sync (see SyncManager, for example) 49 No support No support No support
Web Bluetooth 56 No support No support No support
Web MIDI (see MIDIAccess, for example) 43 No support No support No support
Generic Sensor API 67 No support No support No support

Secure context restrictions that vary by browser

Some browsers may decide to disable certain APIs in non-secure contexts or apply other restrictions/security measures, despite the spec not requiring them. This section lists any such differences existing in browsers.

API Chrome Edge Safari Firefox
Application Cache Restricted to secure contexts planned in Chrome 70 deprecation planning started in February 2018 public interest on deprecation WebKit bug 182442 Restricted to secure contexts in Firefox 62
Geolocation Restricted to secure contexts in 50   Restricted to secure contexts in 10 Restricted to secure contexts in 55
Device Orientaion / Device Motion Deprecation warning     Deprecation warnings since 60. Note that these apply to secure contexts as well.
Encrypted Media Extensions Restricted to secure contexts in 58     Planned.
getUserMedia() Restricted to secure contexts in Chrome 47     Temporary access available only (users cannot choose "Remember this decision" in the permission request dialog).
Notifications Restricted to secure contexts in Chrome 62      
<a ping> attribute   Disabled in non-secure contexts   Support has been added since Firefox 3, but never been enabled by default (behind the browser.send_pings pref).
Presentation Deprecation warning in 61      
Web Crypto API has been restricted to HTTPS since early days (API was visible in HTTP as well but operations failed). Restricted to secure contexts in Chrome 60 (API is no longer visible on non-secure contexts).     Planned.
registerProtocolHandler()       Restricted to secure contexts in Firefox 62.

Note: Safari and Chrome don't support the full secure contexts specification so APIs may work when using HTTPS iframes inside an HTTP page or pages that have an 'opener context' with an insecure page (this happens when an HTTP page uses Window.open() or the target attribute with a value of _blank).

Future features that will be available only in secure contexts

See also

Document Tags and Contributors

Last updated by: mfuji09,