The vr policy controls whether the current document is allowed to use the WebVR API.

If disallowed in a document, then calls to the getVRDisplays() should return a promise which rejects with a SecurityError DOMException.

How to apply this policy

Send the following HTTP header to control the vr policy, and disallow it on all origins:

Feature-Policy: vr 'none'

Does it work?

Currently Firefox, and Chromium based browsers, such as Google Chrome, Samsung Internet, and Opera, are the only user-agents to support Feature Policy. The minimum version that correctly recognises the vr policy is:

Mozilla Firefox

Not supported

Google Chrome


Microsoft Edge

Not supported

Apple Safari

Not supported