caption: Require Site Isolation for every site
desc: |-
Since <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 67, site isolation has been enabled by default on all Desktop platforms, causing every site to run in its own process. A site is a scheme plus eTLD+1 (e.g., https://example.com). Setting this policy to Enabled does not change that behavior; it only prevents users from opting out (for example, using Disable site isolation in chrome://flags). Since <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 76, setting the policy to Disabled or leaving it unset doesn't turn off site isolation, but instead allows users to opt out.
<ph name="ISOLATE_ORIGINS_POLICY_NAME">IsolateOrigins</ph> might also be useful for isolating specific origins at a finer granularity than site (e.g., https://a.example.com).
On <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph> version 76 and earlier, set the <ph name="DEVICE_LOGIN_SCREEN_SITE_PER_PROCESS_POLICY_NAME">DeviceLoginScreenSitePerProcess</ph> device policy to the same value. (If the values don't match, a delay can occur when entering a user session.)
Note: For Android, use the <ph name="SITE_PER_PROCESS_ANDROID_POLICY_NAME">SitePerProcessAndroid</ph> policy instead.
device_only: false
example_value: true
features:
dynamic_refresh: false
per_profile: false
future_on:
- fuchsia
items:
- caption: Require site isolation for all websites
value: true
- caption: Enable site isolation for all websites, but allow the user to opt out
value: false
owners:
- [email protected]
- [email protected]
schema:
type: boolean
supported_on:
- chrome.*:63-
- chrome_os:63-
tags:
- system-security
type: main
Codebase Browser
chromium