Document Policy restricts the surface area of the web platform on a per-document basis, similar to iframe sandboxing, but more flexibly. It can do things like: - Restrict the use of poorly-performing images - Disable slow synchronous JS APIs - Configure iframe, image, or script loading styles - Restrict overall document sizes or network usage - Restrict patterns which cause page re-layout This is just the HTTP header used to set a policy on a document, separate from any features.


(Mostly see the Document Policy feature for motivation) In addition to the items listed in the summary, the header will be immediately important for allowing sites to opt out of fragment and text-fragment scrolling on load, as a privacy mitigation for the Scroll-to-text-fragment feature.



Specification link

Specification being incubated in a Community Group

Status in Chromium


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Neutral
  • No signal
  • No signals


Intent to Prototype url

Intent to Prototype thread


The Document-Policy HTTP header configures the behavior of the web platform on documents with which it is served. This is the first part of shipping the Document Policy API; required policy negotiation and restrictions on sub-documents embedded in iframes is not included in this. This feature also does not cover any of the actual configuration policies; those will be separate features with their own launches.

Last updated on 2022-01-14