Document Policies

Category: Defense

Document-Policy is an experimental mechanism, similar to the also-experimental Feature Policy [1], that covers features which are more about configuring a document, or about removing features (sandboxing) from a document or a frame [2]. It can be set, for example, in a response header, as shown below.

Example:

Document-Policy: unsized-media=?0, document-write=?0, max-image-bpp=2.0, frame-loading=lazy

ForceLoadAtTop

The ForceLoadAtTop feature provides an opt-out from Scroll To Text (and other scroll-on-load behaviors) for privacy-sensitive sites. It lets a site indicate that its pages should always be loaded at the top, blocking any scroll-on-load behavior, including text fragments and element fragments. It is set via the Document-Policy: force-load-at-top response header.

The feature could be useful in preventing attacks such as ID Attribute or Scroll to Text Fragment.
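
One way to check that privacy-sensitive pages actually send the opt-out, as an added example that is not part of the original page. The parser handles only a simplified subset of the Structured Fields dictionary syntax, and the paths and sample responses are constructed.

```python
# Added example: audit responses for the force-load-at-top opt-out.
# Parses a simplified subset of the Structured Fields dictionary syntax
# (booleans, numbers, tokens); quoted strings and inner lists are not handled.

def parse_document_policy(header_value):
    """Return {feature: value} for a Document-Policy header value."""
    policy = {}
    for member in header_value.split(","):
        member = member.split(";", 1)[0].strip()  # drop any parameters
        if not member:
            continue
        key, sep, raw = member.partition("=")
        key, raw = key.strip(), raw.strip()
        if not sep:
            policy[key] = True                    # bare key means boolean true
        elif raw in ("?1", "?0"):
            policy[key] = raw == "?1"
        else:
            try:
                policy[key] = float(raw) if "." in raw else int(raw)
            except ValueError:
                policy[key] = raw                 # token such as "lazy"
    return policy

def forces_load_at_top(headers):
    """headers: (name, value) pairs; repeated header lines are combined."""
    values = [v for n, v in headers if n.lower() == "document-policy"]
    return parse_document_policy(", ".join(values)).get("force-load-at-top") is True

def audit(responses):
    """Return paths whose response does not enable force-load-at-top."""
    return [path for path, headers in responses if not forces_load_at_top(headers)]

# Constructed sample responses (paths and header sets are hypothetical).
SAMPLE_RESPONSES = [
    ("/account", [("Document-Policy", "force-load-at-top")]),
    ("/inbox", [("Document-Policy", "unsized-media=?0, document-write=?0, "
                                    "max-image-bpp=2.0, frame-loading=lazy")]),
    ("/settings", [("document-policy", "force-load-at-top=?0")]),
    ("/billing", [("Document-Policy", "document-write=?0"),
                  ("Document-Policy", "force-load-at-top")]),
    ("/help", [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for path in audit(SAMPLE_RESPONSES):
        print("missing force-load-at-top:", path)
```

A header that lists other features, sets the feature to ?0, or is absent altogether leaves scroll-on-load behavior enabled, so all three cases are reported.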

References

  1. Document-Policy proposal, link

  2. Feature Policy, link