This flag blocks features that trigger automatically, such as automatically playing a video or automatically focusing a form control.

This flag prevents content from creating new auxiliary browsing contexts, e.g. using the target attribute, or the window.open() method.

This flag prevents content from using the document.domain feature to change the effective script origin.

This flag blocks form submission.

This flag prevents content from using the requestFullscreen() method.

This flag prevents content from navigating browsing contexts other than the sandboxed browsing context itself (or browsing contexts further nested inside it), auxiliary browsing contexts (which are protected by the sandboxed auxiliary navigation browsing context flag defined next), and the top-level browsing context (which is protected by the sandboxed top-level navigation browsing context flag defined below).

No flag is set, everything is accepted.

This flag forces content into a unique origin, thus preventing it from accessing other content from the same origin.

This flag prevents content from instantiating plugins, whether using the embed element, the object element, the applet element, or through navigation of a nested browsing context, unless those plugins can be secured.

This flag disables the Pointer Lock API.

This flag blocks script execution.

This flag prevents content from navigating their top-level browsing context and prevents content from closing their top-level browsing context.