Feature Policy: control Synchronous XMLHttpRequest

Allows developers to selectively enable and disable use of Synchronous XMLHttpRequest requests through the feature policy HTTP header or the <iframe> "allow" attribute. The identifier for the feature in policies is "sync-xhr". By default, synchronous XHR is allowed in all frames. If developers wish to disable this on any page, they can include a header like: Feature-Policy: sync-xhr 'none' Or embed content in an frame with sync XHR disabled like: <iframe src="..." allow="sync-xhr 'none'">



Status in Chromium


Enabled by default (tracking bug) in:

  • Chrome for desktop release 65
  • Chrome for Android release 65
  • Android WebView release 65

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Public support
  • Public support
  • No public signals
  • No signals


Last updated on 2018-08-15