Skip to main content

Connection Allowlists

Connection Allowlists is a feature designed to provide explicit control over external endpoints by restricting connections initiated via the Fetch API or other web platform APIs from a document or worker. The proposed implementation involves the distribution of an authorized endpoint list from the server through an HTTP response header. Prior to the establishment of any connection by the user agent on behalf of a page, the agent will evaluate the destination against this allowlist; connections to verified endpoints will be permitted, while those failing to match the entries in the list will be blocked. More details on the proposal can be found here: https://github.com/WICG/connection-allowlists
Trial Expiration Date

September 8, 2026

Explainer Feedback

New Origin Trial Registration

Add a domain to enable Connection Allowlists as an origin trial.

Terms of Use

  • Your participation in this origin trial requires that you agree to be contacted by Microsoft for feedback about the trial, to communicate with you about issues and updates for the trial and send information about other trials of interest. Our use of your contact information is in accordance with the Microsoft Privacy Statement.
  • We will send you surveys asking you for specific feedback on your use of the feature. Your feedback will help us determine if the feature is useful, how it could be improved, and if it should eventually be a standardized part of the web platform.
  • Microsoft will automatically delete your contact information after 28 days in accordance with the Microsoft Compliance Policy for the Data Protection Regulation.
  • This feature is experimental and may interfere with your experiences and the experiences of users who browse your websites, including potentially on other Chromium-compatible browsers.
  • This experimental feature may be unstable, include bugs, etc. You understand that when using experimental and trial software you may experience occasional crashes or data loss. By participating, you agree to frequently back up your data.
  • This feature may change at any time during the trial. The trial may be ended, or suspended and restored, at any time without notice.
  • This feature may never be enabled beyond this trial, at Microsoft’s sole discretion. Even if Microsoft decides to enable this feature beyond the trial, it may be unavailable for some time.
  • Where possible, you agree to apply feature detection / graceful degradation to handle the case where the experimental feature is unavailable.
  • You will comply with all applicable data protection laws and regulations when using the APIs.

Enabling subdomains will allow the token to be used with subdomains (such as https://beta.example.com) of the root registered domain.

Enabling Origin Trials

Once you've registered your domain, you can use one of the following methods to enable the trial on your site.

Option 1: Use a <meta> tag

Copy the origin trial tag below and add to the head of any page.

Option 2: Using an HTTP Header

Alternatively, you can add an Origin-Trial header to your HTTP server response.