This document lists policy-controlled features being implemented in browsers. It is not intended to be a complete list: browsers may choose to implement other features not in this list. Nor is it intended to be normative: the definitions of these features all belong in their respective specs.
Feature name | Default allowlist | Brief Description |
---|---|---|
accelerometer |
self |
Controls access to accelerometer sensors on the device |
ambient-light-sensor |
self |
Controls access to ambient light sensors on the device |
autoplay |
self |
Controls access to autoplay through play() and autoplay . |
camera |
self |
Controls access to video input devices. |
encrypted-media |
self |
Controls whether requestMediaKeySystemAccess() is allowed. |
fullscreen |
self |
Controls whether requestFullscreen() is allowed. |
geolocation |
self |
Controls access to Geolocation interface. |
gyroscope |
self |
Controls access to gyroscope sensors on the device |
magnetometer |
self |
Controls access to magnetometer sensors on the device |
microphone |
self |
Controls access to audio input devices. |
midi |
self |
Controls access to requestMIDIAccess() method. |
payment |
self |
Controls access to PaymentRequest interface. |
picture-in-picture |
* |
Controls access to Picture in Picture. |
speaker |
self |
Controls access to audio output devices. |
usb |
self |
Controls access to USB devices. |
vibrate |
self |
Controls access to vibrate() method. |
vr |
self |
Controls access to VR displays. |
The autoplay feature controls access to autoplay of media requested through the HTMLMediaElement interface.
If disabled in a document, then calls to play()
without a user gesutre will reject the promise with a NotAllowedError
DOMException object as its parameter. The autoplay
attribute will be ignored.
- The feature name for autoplay is "
autoplay
" - The default allowlist for autoplay is
'self'
.
The camera feature controls access to video input devices requested through the NavigatorUserMedia interface.
If disabled in a document, then calls to getUserMedia()
MUST NOT grant access to video input devices in that document.
- The feature name for camera is "
camera
" - The default allowlist for camera is
'self'
.
The encrypted-media feature controls whether encrypted media extensions are available.
If disabled in a document, the promise returned by requestMediaKeySystemAccess()
must return a promise which rejects with a SecurityError
DOMException object as its parameter.
- The feature name for encrypted-media is "
encrypted-media
" - The default allowlist for encrypted-media is
'self'
.
The fullscreen feature controls whether the requestFullscreen()
method is allowed to request fullscreen.
If disabled in any document, the document will not be allowed to use fullscreen. If enabled, the document will be allowed to use fullscreen.
- The feature name for fullscreen is "
fullscreen
" - The default allowlist for fullscreen is
'self'
.
The geolocation feature controls whether the current document is allowed to use the Geolocation interface.
If disabled in any document, calls to both getCurrentPosition
and watchPosition
must result in the error callback being invoked with PERMISSION_DENIED
.
- The feature name for geolocation is "
geolocation
" - The default allowlist for geolocation is
'self'
.
The microphone feature controls access to audio input devices requested through the NavigatorUserMedia interface.
If disabled in a document, then calls to getUserMedia()
MUST NOT grant access to audio input devices in that document.
- The feature name for microphone is "
microphone
" - The default allowlist for microphone is
'self'
.
The midi feature controls whether the current document is allowed to use the Web MIDI API.
If disabled in a document, the promise returned by requestMIDIAccess()
must reject with a DOMException
parameter.
- The feature name for midi is "
midi
" - The default allowlist for midi is
'self'
.
The payment feature controls whether the current document is allowed to use the PaymentRequest interface.
If disabled in a document, then calls to the PaymentRequest
constuctor MUST throw a SecurityError
.
- The feature name for payment is "
payment
" - The default allowlist for payment is
'self'
.
The picture-in-picture feature controls whether the current document is allowed to use Picture In Picture.
If disabled in a document, then calls to requestPictureInPicture()
MUST throw a SecurityError
and pictureInPictureEnabled
MUST return false
.
- The feature name for picture-in-picture is "
picture-in-picture
" - The default allowlist for picture-in-picture is
*
.
The sensor policy-controlled features are ambient-light-sensor, accelerometer, gyroscope, and magnetometer.
A sensor feature controls access to a device sensor of a certain type requested either through an associated Sensor-based interface or through an event specified in the DeviceOrientation Event Specification.
If an interface (or an event) requires access to multiple sensors of different types than each of the corresponding sensor features MUST be allowed in order to use this interface. The table below shows which sensor features are required by the existing interfaces and events.
Interface name | Required sensor policy-controlled features |
---|---|
AmbientLightSensor interface | ambient-light-sensor |
Accelerometer interface | accelerometer |
LinearAccelerationSensor interface | accelerometer |
GravitySensor interface | accelerometer |
Gyroscope interface | gyroscope |
AbsoluteOrientationSensor interface | accelerometer, gyroscope, magnetometer |
RelativeOrientationSensor interface | accelerometer, gyroscope |
deviceorientation Event | accelerometer, gyroscope |
deviceorientationabsolute Event | accelerometer, gyroscope, magnetometer |
devicemotion Event | accelerometer, gyroscope |
compassneedscalibration Event | magnetometer |
If a required sensor feature is disabled in a document, then constructing of a Sensor-based interface object MUST throw a SecurityError
. The events are not fired.
Sensor feature | feature name | default allow list |
---|---|---|
accelerometer | "accelerometer " |
'self' |
ambient-light-sensor | "ambient-light-sensor " |
'self' |
gyroscope | "gyroscope " |
'self' |
magnetometer | "magnetometer " |
'self' |
The speaker feature controls access to audio output devices requested through the NavigatorUserMedia interface.
If disabled in a document, then calls to getUserMedia()
MUST NOT grant access to audio output devices in that document.
- The feature name for speaker is "
speaker
" - The default allowlist for speaker is
'self'
.
The usb feature controls whether the current document is allowed to use the WebUSB API.
If disabled in a document, then calls to the getDevices()
should return a promise which rejects with a SecurityError DOMException.
- The feature name for usb is "
usb
" - The default allowlist for usb is
'self'
.
The vibrate feature controls whether the Vibration API is allowed to cause device vibration.
If disabled in a document, then calls to the vibrate()
method should silently do nothing. If enabled, the browser may allow the device to vibrate.
- The feature name for vibrate is "
vibrate
" - The default allowlist for vibrate is
'self'
.
The vr feature controls whether the current document is allowed to use the WebVR API.
If disabled in a document, then calls to the getVRDisplays()
should return a promise which rejects with a SecurityError DOMException.
- The feature name for vr is "
vr
" - The default allowlist for vr is
'self'
.