sync-script
The sync-script policy controls whether a document will execute parser-blocking
JavaScript. This includes both external <script src=''> resources
that do not have the async or defer attributes, but also any
inline script that is not an ES module, and which does not have a defer
attribute. Blocked scripts will be skipped by the parser completely, ie. they are not
simply forced to execute asynchronously, since that may result in unexpected behaviour.
How to apply this policy
Send the following HTTP header to control the sync-script policy, and
disallow it on all origins:
Feature-Policy: sync-script 'none'Does it work?
Currently Firefox, and Chromium based browsers, such as Google Chrome, Samsung Internet,
and Opera, are the only user-agents to support Feature Policy. The minimum version that
correctly recognises the sync-script policy is:
Unknown
Unknown
Not supported
Not supported