Window: credentialless property
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.
The window.credentialless
read-only property returns a boolean that indicates whether the current document was loaded inside a credentialless <iframe>
, meaning that it is loaded in a new, ephemeral context.
This context doesn't have access to the network, cookies, and storage data associated with its origin. It uses a new context local to the top-level document lifetime. In return, the Cross-Origin-Embedder-Policy
(COEP) embedding rules can be lifted, so documents with COEP set can embed third-party documents that do not.
See IFrame credentialless for a deeper explanation.
Value
A boolean. A value of true
indicates that the document was loaded inside a credentialless <iframe>
; false
indicates that it was not.
Examples
You can specify a credentialless <iframe>
like so:
html
<iframe
src="https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)"
title="Spectre vulnerability Wikipedia page"
width="960"
height="600"
credentialless></iframe>
In supporting browsers, if the document loaded in the <iframe>
were to run the following line, it would return true
:
js
console.log(window.credentialless);
Specifications
No specification found
No specification data found for api.Window.credentialless
.
Check for problems with this page or contribute a missing spec_url
to mdn/browser-compat-data. Also make sure the specification is included in w3c/browser-specs.
Browser compatibility
BCD tables only load in the browser