This reference lists the web platform features available only in secure contexts — see Secure Contexts for a definition and more details.
Current features available only in secure contexts
This section lists all the APIs available on in secure contexts, along with browser versions the limitation was introduced in, as appropriate.
Note: Only the browsers that actually support secure contexts are listed in this document. See here for information on secure contexts support.
| API | Chrome/Opera | Safari | Firefox |
Geolocation |
47 / (Yes) | (Yes) | 55 |
| Payment Request API | (Yes) | No support | Currently not suported; being developed behind the dom.payments.request.enabled pref. |
| Service workers | (Yes) | (Yes) | (Yes) |
| Storage API | (Yes) | No support | (Yes) |
| Web Bluetooth | (Yes) | No support | No support |
Web MIDI (see MIDIAccess, for example) |
(Yes) | No support | No support |
Secure context restrictions that vary by browser
Some browsers may decide to disable certain APIs in non-secure contexts or apply other restrictions/security measures, despite the spec not requiring them. This section lists any such differences existing in browsers.
| API | Chrome | Safari | Firefox |
getUserMedia() |
Disabled in non-secure contexts in Chrome 47+ | Temporary access available only (users cannot choose "Remember this decision" in the permission request dialog). | |
| Encrypted Media Extensions | Deprecation warning | ||
| Device motion / orientation | Deprecation warning | ||
| Web Crypto API | is restricted to HTTPS however predates the Secure Context check. |
Note: Safari and Chrome don't support the full secure contexts specification so APIs may work when using HTTPS iframes inside an HTTP page or pages that have an 'opener context' with an insecure page (this happens when an HTTP page uses Window.open() or the target attribute with a value of _blank).