This reference lists the web platform features available only in secure contexts — see Secure Contexts for a definition and more details.
Current features available only in secure contexts
This section lists all the APIs available only in secure contexts, along with browser versions the limitation was introduced in, as appropriate.
Note: Only the browsers that actually support secure contexts are listed in this document. See here for information on secure contexts support.
|Application Cache||(Yes)||?||?||60, Nightly/Beta|
||47 / (Yes)||No restriction; works in secure/non-secure contexts.||(Yes)||55|
|Payment Request API (and Basic Card Payment).||(Yes)||(Yes)||No support||Currently not suported; being developed behind the
|Storage API||(Yes)||(Yes)||No support||(Yes)|
|Web Bluetooth||(Yes)||No support||No support||No support|
|Web MIDI (see
||(Yes)||No support||No support||No support|
Secure context restrictions that vary by browser
Some browsers may decide to disable certain APIs in non-secure contexts or apply other restrictions/security measures, despite the spec not requiring them. This section lists any such differences existing in browsers.
|Device motion / orientation||Deprecation warning|
|Encrypted Media Extensions||Deprecation warning||Planned.|
||Disabled in non-secure contexts in Chrome 47+||Temporary access available only (users cannot choose "Remember this decision" in the permission request dialog).|
|Notifications||Disabled in non secure contexts in Chrome 62|
|ping attribute||Disabled in non-secure contexts|
|Presentation||Deprecation warning in 61|
|Web Crypto API||is restricted to HTTPS however predates the Secure Context check.|
|Application Cache||Public support for removal|
Note: Safari and Chrome don't support the full secure contexts specification so APIs may work when using HTTPS iframes inside an HTTP page or pages that have an 'opener context' with an insecure page (this happens when an HTTP page uses
Window.open() or the
target attribute with a value of