This Feature Policy directive was at one point defined as xr (but implemented in Chrome as vr), use xr-spatial-tracking instead.
Feature-Policy: xr
Related Topics
- HTTP
- Guides:
- HTTP access control (CORS)
- HTTP authentication
- HTTP caching
- HTTP compression
- HTTP conditional requests
- HTTP content negotiation
- HTTP cookies
- HTTP range requests
- HTTP redirects
- HTTP specifications
- Feature policy
- References:
-
HTTP headers
AcceptAccept-CHAccept-CH-LifetimeAccept-CharsetAccept-EncodingAccept-LanguageAccept-PatchAccept-RangesAccess-Control-Allow-CredentialsAccess-Control-Allow-HeadersAccess-Control-Allow-MethodsAccess-Control-Allow-OriginAccess-Control-Expose-HeadersAccess-Control-Max-AgeAccess-Control-Request-HeadersAccess-Control-Request-MethodAgeAllowAlt-SvcAuthorizationCache-ControlClear-Site-DataConnectionContent-DispositionContent-EncodingContent-LanguageContent-LengthContent-LocationContent-RangeContent-Security-PolicyContent-Security-Policy-Report-OnlyContent-TypeCookie-
Cookie2 Cross-Origin-Resource-PolicyDNTDPRDateDevice-MemoryDigestETagEarly-DataExpectExpect-CTExpires-
Feature-Policy ForwardedFromHostIf-MatchIf-Modified-SinceIf-None-MatchIf-RangeIf-Unmodified-SinceIndexKeep-Alive-
Large-Allocation Last-ModifiedLinkLocationOrigin-
Pragma Proxy-AuthenticateProxy-AuthorizationPublic-Key-PinsPublic-Key-Pins-Report-OnlyRangeRefererReferrer-PolicyRetry-AfterSave-DataSec-WebSocket-AcceptServerServer-TimingSet-Cookie-
Set-Cookie2 SourceMapStrict-Transport-SecurityTETiming-Allow-OriginTkTrailerTransfer-EncodingUpgrade-Insecure-RequestsUser-AgentVaryViaWWW-AuthenticateWant-DigestWarningX-Content-Type-OptionsX-DNS-Prefetch-Control-
X-Forwarded-For -
X-Forwarded-Host -
X-Forwarded-Proto X-Frame-OptionsX-XSS-Protection
-
HTTP response status codes
100 Continue101 Switching Protocols103 Early Hints200 OK201 Created202 Accepted203 Non-Authoritative Information204 No Content205 Reset Content206 Partial Content300 Multiple Choices301 Moved Permanently302 Found303 See Other304 Not Modified307 Temporary Redirect308 Permanent Redirect400 Bad Request401 Unauthorized402 Payment Required403 Forbidden404 Not Found405 Method Not Allowed406 Not Acceptable407 Proxy Authentication Required408 Request Timeout409 Conflict410 Gone411 Length Required412 Precondition Failed413 Payload Too Large414 URI Too Long415 Unsupported Media Type416 Range Not Satisfiable417 Expectation Failed418 I'm a teapot422 Unprocessable Entity425 Too Early426 Upgrade Required428 Precondition Required429 Too Many Requests431 Request Header Fields Too Large451 Unavailable For Legal Reasons500 Internal Server Error501 Not Implemented502 Bad Gateway503 Service Unavailable504 Gateway Timeout505 HTTP Version Not Supported506 Variant Also Negotiates507 Insufficient Storage508 Loop Detected510 Not Extended511 Network Authentication Required
-
CSP directives
CSP: base-uriCSP: block-all-mixed-contentCSP: child-srcCSP: connect-srcCSP: default-srcCSP: font-srcCSP: form-actionCSP: frame-ancestorsCSP: frame-srcCSP: img-srcCSP: manifest-srcCSP: media-srcCSP: navigate-toCSP: object-srcCSP: plugin-typesCSP: prefetch-src-
CSP: referrer CSP: report-toCSP: report-uriCSP: require-sri-forCSP: sandboxCSP: script-srcCSP: script-src-attrCSP: script-src-elemCSP: style-srcCSP: style-src-attrCSP: style-src-elemCSP: trusted-typesCSP: upgrade-insecure-requestsCSP: worker-src
-
CORS errors
- Reason: CORS disabled
- Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
- Reason: CORS header 'Access-Control-Allow-Origin' missing
- Reason: CORS header ‘Origin’ cannot be added
- Reason: CORS preflight channel did not succeed
- Reason: CORS request did not succeed
- Reason: CORS request external redirect not allowed
- Reason: CORS request not HTTP
- Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’
- Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’
- Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
- Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’
- Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’
- Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’
- Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel
-
Feature-Policy directives
- Feature-Policy: accelerometer
- Feature-Policy: ambient-light-sensor
- Feature-Policy: autoplay
- Feature-Policy: battery
- Feature-Policy: camera
- Feature-Policy: display-capture
- Feature-Policy: document-domain
- Feature-Policy: encrypted-media
- Feature-Policy: fullscreen
- Feature-Policy: geolocation
- Feature-Policy: gyroscope
- Feature-Policy: layout-animations
- Feature-Policy: legacy-image-formats
- Feature-Policy: magnetometer
- Feature-Policy: microphone
- Feature-Policy: midi
- Feature-Policy: oversized-images
- Feature-Policy: payment
- Feature-Policy: picture-in-picture
- Feature-Policy: publickey-credentials
- Feature-Policy: sync-xhr
- Feature-Policy: unoptimized-images
- Feature-Policy: unsized-media
- Feature-Policy: usb
- Feature-Policy: vibrate
- Feature-Policy: wake-lock
- Feature-Policy: xr
- Feature-Policy: xr-spatial-tracking