
Permissions-Policy: ch-ua-high-entropy-values directive


{{SeeCompatTable}}

The HTTP {{HTTPHeader("Permissions-Policy")}} header ch-ua-high-entropy-values directive controls whether or not the document is permitted to use the {{domxref("NavigatorUAData.getHighEntropyValues()")}} method to retrieve high-entropy user-agent data.

If the permission is not allowed, the method will only return the brands, mobile, and platform low-entropy data.

Syntax

http
Permissions-Policy: ch-ua-high-entropy-values=<allowlist>;
  • <allowlist>

Default policy

The default allowlist for ch-ua-high-entropy-values is *.

Examples

Restricting high-entropy data to specific origins

The following policy would only allow the current origin and two other specific origins to retrieve high-entropy data.

http
Permissions-Policy: ch-ua-high-entropy-values=(self "https://a.example.com" "https://b.example.com")

You could then embed one of the two other origins:

html
<iframe src="https://a.example.com" allow="ch-ua-high-entropy-values"></iframe>
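To confirm from inside a page or embedded frame that the policy takes effect, the following added example (not part of the original page) requests a set of hints and reports which high-entropy ones actually came back. The function name `probeHighEntropy` and the hint list passed to it are assumptions chosen for illustration.

```javascript
// Added example. Low-entropy fields are returned regardless of the directive.
const LOW_ENTROPY = new Set(["brands", "mobile", "platform"]);

// Requests `hints` from a NavigatorUAData-like object and reports which
// high-entropy hints were returned and which were withheld.
async function probeHighEntropy(uaData, hints) {
  if (!uaData || typeof uaData.getHighEntropyValues !== "function") {
    // API not available in this browser or context.
    return { supported: false, granted: [], withheld: [...hints] };
  }
  let values;
  try {
    values = await uaData.getHighEntropyValues(hints);
  } catch (err) {
    // The browser may also reject the request outright (NotAllowedError).
    return { supported: true, granted: [], withheld: [...hints], error: err.name };
  }
  const granted = [];
  const withheld = [];
  for (const hint of hints) {
    if (LOW_ENTROPY.has(hint)) continue; // not governed by the directive
    (hint in values ? granted : withheld).push(hint);
  }
  return { supported: true, granted, withheld };
}

// Usage in a page or embedded frame (skipped where the API is absent).
if (typeof navigator !== "undefined" && navigator.userAgentData) {
  probeHighEntropy(navigator.userAgentData, ["architecture", "platformVersion", "model"])
    .then((r) => console.log("withheld by policy or browser:", r.withheld));
}
```

A non-empty `withheld` list in a frame that should be blocked, together with an empty one in an allowlisted frame, indicates the header and the `allow` attribute are being applied as intended.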

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also