caption: Enable Site Isolation for every site
default: null
desc: |-
Setting the policy to Enabled isolates all sites on Android, such that each site runs in its own process, and it prevents users from opting out. A site is a scheme plus eTLD+1 (e.g., https://example.com). Note that Android isolates certain sensitive sites by default starting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 77, and this policy extends that default site isolation mode to apply to all sites.
Setting the policy to Disabled turns off any form of site isolation, including isolation of sensitive sites and field trials of IsolateOriginsAndroid, SitePerProcessAndroid, and other site isolation modes. Users can still turn the policy on manually.
Leaving the policy unset means users can change this setting.
<ph name="ISOLATE_ORIGINS_ANDROID_POLICY_NAME">IsolateOriginsAndroid</ph> might also be useful for isolating specific origins at a finer granularity than site (e.g., https://a.example.com).
Note: Support for isolating every site on Android will improve, but currently it may cause performance problems, especially on low-end devices. This policy applies only to Chrome on Android running on devices with strictly more than 1 GB of RAM. To isolate specific sites while limiting performance impact for users, use <ph name="ISOLATE_ORIGINS_ANDROID_POLICY_NAME">IsolateOriginsAndroid</ph> with a list of the sites you want to isolate. To apply the policy on non-Android platforms, use <ph name="SITE_PER_PROCESS_POLICY_NAME">SitePerProcess</ph>.
device_only: false
example_value: true
features:
dynamic_refresh: false
per_profile: false
items:
- caption: Require site isolation for all websites
value: true
- caption: Disable site isolation for all websites, but allow the user to enable it
value: false
- caption: Allow the user to decide
value: null
owners:
- [email protected]
- [email protected]
schema:
type: boolean
supported_on:
- android:68-
tags:
- system-security
type: main
Codebase Browser
chromium