This Feature Policy directive was at one point defined as xr
(but implemented in Chrome as vr
), use xr-spatial-tracking
instead.
Feature-Policy: xr
Related Topics
- HTTP
- Guides:
- HTTP access control (CORS)
- HTTP authentication
- HTTP caching
- HTTP compression
- HTTP conditional requests
- HTTP content negotiation
- HTTP cookies
- HTTP range requests
- HTTP redirects
- HTTP specifications
- Feature policy
- References:
-
HTTP headers
Accept
Accept-CH
Accept-CH-Lifetime
Accept-Charset
Accept-Encoding
Accept-Language
Accept-Patch
Accept-Ranges
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Allow-Origin
Access-Control-Expose-Headers
Access-Control-Max-Age
Access-Control-Request-Headers
Access-Control-Request-Method
Age
Allow
Alt-Svc
Authorization
Cache-Control
Clear-Site-Data
Connection
Content-Disposition
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-Range
Content-Security-Policy
Content-Security-Policy-Report-Only
Content-Type
Cookie
-
Cookie2
Cross-Origin-Resource-Policy
DNT
DPR
Date
Device-Memory
Digest
ETag
Early-Data
Expect
Expect-CT
Expires
-
Feature-Policy
Forwarded
From
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Index
Keep-Alive
-
Large-Allocation
Last-Modified
Link
Location
Origin
-
Pragma
Proxy-Authenticate
Proxy-Authorization
Public-Key-Pins
Public-Key-Pins-Report-Only
Range
Referer
Referrer-Policy
Retry-After
Save-Data
Sec-WebSocket-Accept
Server
Server-Timing
Set-Cookie
-
Set-Cookie2
SourceMap
Strict-Transport-Security
TE
Timing-Allow-Origin
Tk
Trailer
Transfer-Encoding
Upgrade-Insecure-Requests
User-Agent
Vary
Via
WWW-Authenticate
Want-Digest
Warning
X-Content-Type-Options
X-DNS-Prefetch-Control
-
X-Forwarded-For
-
X-Forwarded-Host
-
X-Forwarded-Proto
X-Frame-Options
X-XSS-Protection
-
HTTP response status codes
100 Continue
101 Switching Protocols
103 Early Hints
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other
304 Not Modified
307 Temporary Redirect
308 Permanent Redirect
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Payload Too Large
414 URI Too Long
415 Unsupported Media Type
416 Range Not Satisfiable
417 Expectation Failed
418 I'm a teapot
422 Unprocessable Entity
425 Too Early
426 Upgrade Required
428 Precondition Required
429 Too Many Requests
431 Request Header Fields Too Large
451 Unavailable For Legal Reasons
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
506 Variant Also Negotiates
507 Insufficient Storage
508 Loop Detected
510 Not Extended
511 Network Authentication Required
-
CSP directives
CSP: base-uri
CSP: block-all-mixed-content
CSP: child-src
CSP: connect-src
CSP: default-src
CSP: font-src
CSP: form-action
CSP: frame-ancestors
CSP: frame-src
CSP: img-src
CSP: manifest-src
CSP: media-src
CSP: navigate-to
CSP: object-src
CSP: plugin-types
CSP: prefetch-src
-
CSP: referrer
CSP: report-to
CSP: report-uri
CSP: require-sri-for
CSP: sandbox
CSP: script-src
CSP: script-src-attr
CSP: script-src-elem
CSP: style-src
CSP: style-src-attr
CSP: style-src-elem
CSP: trusted-types
CSP: upgrade-insecure-requests
CSP: worker-src
-
CORS errors
- Reason: CORS disabled
- Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
- Reason: CORS header 'Access-Control-Allow-Origin' missing
- Reason: CORS header ‘Origin’ cannot be added
- Reason: CORS preflight channel did not succeed
- Reason: CORS request did not succeed
- Reason: CORS request external redirect not allowed
- Reason: CORS request not HTTP
- Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’
- Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’
- Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
- Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’
- Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’
- Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’
- Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel
-
Feature-Policy directives
- Feature-Policy: accelerometer
- Feature-Policy: ambient-light-sensor
- Feature-Policy: autoplay
- Feature-Policy: battery
- Feature-Policy: camera
- Feature-Policy: display-capture
- Feature-Policy: document-domain
- Feature-Policy: encrypted-media
- Feature-Policy: fullscreen
- Feature-Policy: geolocation
- Feature-Policy: gyroscope
- Feature-Policy: layout-animations
- Feature-Policy: legacy-image-formats
- Feature-Policy: magnetometer
- Feature-Policy: microphone
- Feature-Policy: midi
- Feature-Policy: oversized-images
- Feature-Policy: payment
- Feature-Policy: picture-in-picture
- Feature-Policy: publickey-credentials
- Feature-Policy: sync-xhr
- Feature-Policy: unoptimized-images
- Feature-Policy: unsized-media
- Feature-Policy: usb
- Feature-Policy: vibrate
- Feature-Policy: wake-lock
- Feature-Policy: xr
- Feature-Policy: xr-spatial-tracking