Platform features restricted to secure contexts

This reference lists the web platform features available only in secure contexts — see Secure Contexts for a definition and more details.

Current features available only in secure contexts

This section lists all the APIs available on in secure contexts, along with browser versions the limitation was introduced in, as appropriate.

Note: Only the browsers that actually support secure contexts are listed in this document. See here for information on secure contexts support.

API Chrome/Opera Safari Firefox
Geolocation 47 / (Yes) (Yes) 55
Service workers (Yes) (Yes) (Yes)
Storage API (Yes) API not yet supported (Yes)
Web Bluetooth (Yes) API not yet supported API not yet supported
Web MIDI (see MIDIAccess, for example) (Yes) API not yet supported API not yet supported

Secure context restrictions that vary by browser

Some browsers may decide to disable certain APIs in non-secure contexts or apply other restrictions/security measures, despite the spec not requiring them. This section lists any such differences existing in browsers.

API Chrome Safari Firefox
getUserMedia() Disabled in non-secure contexts in Chrome 47+   Temporary access available only (users cannot choose "Remember this decision" in the permission request dialog).
Encrypted Media Extensions Deprecation warning    
Device motion / orientation Deprecation warning    
Web Crypto API is restricted to HTTPS however predates the Secure Context check.    

Note: Safari and Chrome don't support the full secure contexts specification so APIs may work when using HTTPS iframes inside an HTTP page or pages that have an 'opener context' with an insecure page (this happens when an HTTP page uses Window.open() or the target attribute with a value of _blank).

Future features that will be available only in secure contexts

See also

Document Tags and Contributors

 Contributors to this page: chrisdavidmills
 Last updated by: chrisdavidmills,