Feature-Policy

Editar
Avançado
- Histórico
- Imprimir este artigo

Ir para:

Syntax
Directives
Example
Specifications
Browser compatibility
See also

Nossos voluntários ainda não traduziram este artigo para o Português (do Brasil). Junte-se a nós e ajude-nos a fazer o trabalho!
Você também pode ler o artigo em English (US).

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Feature-Policy header provides a mechanism to allow and deny the use of browser features in its own frame, and in content within any <iframe> elements in the document.

For more information, see the main Feature Policy article.

Header type	Response header
Forbidden header name	yes

Syntax

Feature-Policy: <directive> <allowlist>

<allowlist>

An allowlist is a list of origins that takes one or more of the following values:

*: The feature will be allowed in this document, and all nested browsing contexts (iframes) regardless of their origin.
'self': The feature will be allowed in this document, and in all nested browsing contexts (iframes) in the same origin.
'src': (In an iframe allow attribute only) The feature will be allowed in this iframe, as long as the document loaded into it comes from the same origin as the URL in the iframe's src attribute.
'none': The feature is disabled in top-level and nested browsing contexts.
<origin(s)>: The feature is allowed for specific origins (for example, https://example.com). Origins should be separated by a space.

The values * (enable for all origins) or 'none' (disable for all origins) may only be used alone, while 'self' and 'src' may be used with one or more origins.

Features are each defined to have a default allowlist, which is one of:

*: The feature is allowed by default in top-level browsing contexts and all nested browsing contexts (iframes).
'self': The feature is allowed by default in top-level browsing contexts and in nested browsing contexts (iframes) in the same origin. The feature is not allowed in cross-origin documents in nested browsing contexts.
'none': The feature is disabled in top-level and nested browsing contexts.

Directives

autoplay: Controls whether the current document is allowed to autoplay media requested through the HTMLMediaElement interface. When this policy is enabled and there were no user gestures, the Promise returned by HTMLMediaElement.play() will reject with a DOMException. The autoplay attribute on <audio> and <video> elements will be ignored.
camera: Controls whether the current document is allowed to use video input devices. When this policy is enabled, the Promise returned by getUserMedia() will reject with a NotAllowedError.
display-capture: Controls whether or not the current document is permitted to use the getDisplayMedia() method to capture screen contents. When this policy is enabled, the promise returned by getDisplayMedia() will reject with a NotAllowedError if permission is not obtained to capture the display's contents.
document-domain: Controls whether the current document is allowed to set document.domain. When this policy is enabled, attempting to set document.domain will fail and cause a SecurityError DOMException to be be thrown.
encrypted-media: Controls whether the current document is allowed to use the Encrypted Media Extensions API (EME). When this policy is enabled, the Promise returned by Navigator.requestMediaKeySystemAccess() will reject with a DOMException.
fullscreen: Controls whether the current document is allowed to use Element.requestFullScreen(). When this policy is enabled, the returned Promise rejects with a TypeError.
geolocation: Controls whether the current document is allowed to use the Geolocation Interface. When this policy is enabled, calls to getCurrentPosition() and watchPosition() will cause those functions' callbacks to be invoked with a PositionError code of PERMISSION_DENIED.
microphone: Controls whether the current document is allowed to use audio input devices. When this policy is enabled, the Promise returned by MediaDevices.getUserMedia() will reject with a NotAllowedError.
midi: Controls whether the current document is allowed to use the Web MIDI API. When this policy is enabled, the Promise returned by Navigator.requestMIDIAccess() will reject with a DOMException.
payment: Controls whether the current document is allowed to use the Payment Request API. When this policy is enabled, the PaymentRequest() constructor will throw a SecurityError DOMException.
vr / xr: Controls whether the current document is allowed to use the WebVR API. When this policy is enabled, the Promise returned by Navigator.getVRDisplays() will reject with a DOMException.

Example

SecureCorp Inc. wants to disable Vibration and Geolocation APIs in their application. It can do so by delivering the following HTTP response header to define a feature policy:

Feature-Policy: vibrate 'none'; geolocation 'none'

By specifying the 'none' keyword for the origin list, the specified features will be disabled for all browsing contexts, regardless of their origin.

Specifications

Specification	Status	Comment
Feature Policy The definition of 'Feature-Policy' in that specification.	Editor's Draft	Initial definition.

Browser compatibility

Update compatibility data on GitHub

	Desktop						Mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Android webview	Chrome for Android	Firefox for Android	Opera for Android	Safari on iOS	Samsung Internet
`Feature-Policy` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`accelerometer` Experimental	Chrome Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 56 Disabled Full support 56 Disabled Disabled From version 56: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 48 Disabled Full support 48 Disabled Disabled From version 48: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`ambient-light-sensor` Experimental	Chrome Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 56 Disabled Full support 56 Disabled Disabled From version 56: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 48 Disabled Full support 48 Disabled Disabled From version 48: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`autoplay` Experimental	Chrome Full support 64	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 51	Safari No support No	WebView Android Full support 64	Chrome Android Full support 64	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 47	Safari iOS No support No	Samsung Internet Android No support No
`camera` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 48	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 45	Safari iOS No support No	Samsung Internet Android No support No
`display-capture` Experimental	Chrome No support No	Edge No support No	Firefox Full support 67 Disabled Full support 67 Disabled Disabled From version 67: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera No support No	Safari No support No	WebView Android No support No	Chrome Android No support No	Firefox Android Full support 67 Disabled Full support 67 Disabled Disabled From version 67: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android No support No	Safari iOS No support No	Samsung Internet Android No support No
`document-domain` Experimental	Chrome No support No	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera No support No	Safari No support No	WebView Android No support No	Chrome Android No support No	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android No support No	Safari iOS No support No	Samsung Internet Android No support No
`encrypted-media` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 48	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 45	Safari iOS No support No	Samsung Internet Android No support No
`fullscreen` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`geolocation` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`gyroscope` Experimental	Chrome Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 56 Disabled Full support 56 Disabled Disabled From version 56: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 48 Disabled Full support 48 Disabled Disabled From version 48: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`layout-animations` Experimental	Chrome No support No	Edge No support No	Firefox No support No	IE No support No	Opera No support No	Safari No support No	WebView Android No support No	Chrome Android No support No	Firefox Android No support No	Opera Android No support No	Safari iOS No support No	Samsung Internet Android No support No
`legacy-image-formats` Experimental	Chrome Full support 68 Disabled Full support 68 Disabled Disabled From version 68: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 55 Disabled Full support 55 Disabled Disabled From version 55: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 68 Disabled Full support 68 Disabled Disabled From version 68: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 68 Disabled Full support 68 Disabled Disabled From version 68: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 48 Disabled Full support 48 Disabled Disabled From version 48: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`magnetometer` Experimental	Chrome Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 56 Disabled Full support 56 Disabled Disabled From version 56: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 69 Disabled Full support 69 Disabled Disabled From version 69: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 48 Disabled Full support 48 Disabled Disabled From version 48: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`microphone` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 48	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 45	Safari iOS No support No	Samsung Internet Android No support No
`midi` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`oversized-images` Experimental	Chrome Full support 72 Disabled Full support 72 Disabled Disabled From version 72: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 60 Disabled Full support 60 Disabled Disabled From version 60: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 72 Disabled Full support 72 Disabled Disabled From version 72: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 72 Disabled Full support 72 Disabled Disabled From version 72: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 50 Disabled Full support 50 Disabled Disabled From version 50: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`payment` Experimental	Chrome Full support 60	Edge No support No	Firefox Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android Full support 65 Disabled Full support 65 Disabled Disabled From version 65: this feature is behind the `dom.security.featurePolicy.header.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`picture-in-picture` Experimental	Chrome No support No	Edge No support No	Firefox No support No	IE No support No	Opera No support No	Safari No support No	WebView Android No support No	Chrome Android No support No	Firefox Android No support No	Opera Android No support No	Safari iOS No support No	Samsung Internet Android No support No
`speaker` Experimental	Chrome Full support 60	Edge No support No	Firefox No support No	IE No support No	Opera Full support 48	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android No support No	Opera Android Full support 45	Safari iOS No support No	Samsung Internet Android No support No
`sync-xhr` Experimental	Chrome Full support 65	Edge No support No	Firefox No support No	IE No support No	Opera Full support 52	Safari No support No	WebView Android Full support 65	Chrome Android Full support 65	Firefox Android No support No	Opera Android Full support 47	Safari iOS No support No	Samsung Internet Android No support No
`unoptimized-images` Experimental	Chrome Full support 72 Disabled Full support 72 Disabled Disabled From version 72: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 60 Disabled Full support 60 Disabled Disabled From version 60: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 72 Disabled Full support 72 Disabled Disabled From version 72: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 72 Disabled Full support 72 Disabled Disabled From version 72: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 50 Disabled Full support 50 Disabled Disabled From version 50: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`unsized-media` Experimental	Chrome Full support 66 Disabled Full support 66 Disabled Disabled From version 66: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Edge No support No	Firefox No support No	IE No support No	Opera Full support 53 Disabled Full support 53 Disabled Disabled From version 53: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari No support No	WebView Android Full support 66 Disabled Full support 66 Disabled Disabled From version 66: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Chrome Android Full support 66 Disabled Full support 66 Disabled Disabled From version 66: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`). To change preferences in Chrome, visit chrome://flags.	Firefox Android No support No	Opera Android Full support 47 Disabled Full support 47 Disabled Disabled From version 47: this feature is behind the `#enable-experimental-productivity-features` preference (needs to be set to `Enabled`).	Safari iOS No support No	Samsung Internet Android No support No
`usb` Experimental	Chrome Full support 60	Edge No support No	Firefox No support No	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android No support No	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`vibrate` Experimental	Chrome Full support 60	Edge No support No	Firefox No support No	IE No support No	Opera Full support 47	Safari No support No	WebView Android Full support 60	Chrome Android Full support 60	Firefox Android No support No	Opera Android Full support 44	Safari iOS No support No	Samsung Internet Android No support No
`vr` Experimental	Chrome Full support 62	Edge No support No	Firefox No support No	IE No support No	Opera Full support 49	Safari No support No	WebView Android Full support 62	Chrome Android Full support 62	Firefox Android No support No	Opera Android Full support 46	Safari iOS No support No	Samsung Internet Android No support No

Legend

Full support: Full support
No support: No support
Experimental. Expect behavior to change in the future.: Experimental. Expect behavior to change in the future.
User must explicitly enable this feature.: User must explicitly enable this feature.

Etiquetas do documento e colaboradores

Etiquetas:

Colaboradores desta página: bershanskiy, Sheppy, Malvoz, mdnwebdocs-bot, sideshowbarker, fscholz, mfuji09, jpmedley

Última atualização por: bershanskiy, Jun 17, 2019, 4:30:41 PM

Tópicos relacionados