flags-to-check

# Privacy

# v98

# https://bugs.chromium.org/p/chromium/issues/detail?id=1252460
# https://docs.google.com/document/d/15HVLD6nddA0OaI8Dd0ayBP2jlGw5JpRD-njAyY1oNZo/edit
# timing attack, Programmatically repeated navigations in iframe
kCssSelectorFragmentAnchor=0

# Enables FedCM API JavaScript API
# https://fedidcg.github.io/FedCM/
kFedCm=0 

# First-Party Sets component v2
kFirstPartySetsV2ComponentFormat=?

# Currently there are two paths - legacy code, in which BrowsingContextState
# will be 1:1 with FrameTreeNode, allowing us to move proxy storage to it as a
# no-op, and a new path hidden behind a feature flag, which will create a new
# BrowsingContextState for cross-BrowsingInstance navigations.
kNewBrowsingContextStateOnBrowsingContextGroupSwap=?

# If enabled, an absent Origin-Agent-Cluster: header is interpreted as
# requesting an origin agent cluster, but in the same process.
kOriginAgentClusterDefaultEnabled=?

# Enables the Aggregation Service. See crbug.com/1207974.
kPrivacySandboxAggregationService=?

# This feature enables use of ULP language data in Chrome.
kUseULPLanguagesInChrome=?

# Enables new behavior for window.open() and BarProp properties.
kWindowOpenNewPopupBehavior=?

#########
# v99
#########
kActivateMetricsReportingEnabledPolicyAndroid=?

# https://github.com/google/omaha/blob/master/doc/ServerProtocolV3.md
# send getDeviceID() if kAnonymousUpdateChecks=0
kAnonymousUpdateChecks=1 # enabled by default

# Shows a confirmation modal dialog when clicking 'Close all tabs' in the
# app menu.
kCloseAllTabsModalDialog=1

# Enable force installed Chrome apps policy migration.
# kDefaultChromeAppsMigration=?

kDisableWebCache=? # (TODO)

# Enable drag and drop images and links from web contents on Android
#kDragAndDropAndroid=? # unused

# Enables loading the response body earlier in navigation.
kEarlyBodyLoad=0 # disabled by prefetch disabled

# https://bugs.chromium.org/p/chromium/issues/detail?id=1290944
kFasterSetCookie=1 # (TODO) can be enabled

# If enabled, limits the number of FLEDGE auctions that can be run between page
# load and unload -- any attempt to run more than this number of auctions will
# fail (return null to JavaScript).
kFledgeLimitNumAuctions=0
kFledgeLimitNumAuctionsParam=0

# bluetooth driver, only chromeos
# kFlossEnabled=?

# Enable global VA-API lock. Disable this to use lock-free VA-API function
# calls for thread safe backends.
# https://source.chromium.org/chromium/chromium/src/+/334b915c11a64b9255687e75ce5fbb73ca29e4ac
# kGlobalVaapiLock=? (TODO)

# Add flags for improving reader mode prompt
# https://chromium-review.googlesource.com/c/chromium/src/+/3447312
# https://chromium-review.googlesource.com/c/chromium/src/+/3448081/7
# kImproveReaderModePrompt=? # no privacy issue, currently disabled

# If enabled, Google Photos opt-in card will show a button to soft opt-out.
kNtpPhotosModuleSoftOptOut=0

# Whether the StoragePolicyObserver only sends updates for modified origins.
# kOnlySendStoragePolicyUpdatesForModifiedOrigins=? (TOCHECK)
kPermissionOnDeviceNotificationPredictions=0

#kPrivacySandboxSettings3=?

# Enables Private Network Access checks for all types of web workers.
#
# This affects initial worker script fetches, fetches initiated by workers
# themselves, and service worker update fetches.
#
# The exact checks run are the same as for other document subresources, and
# depend on the state of other Private Network Access feature flags:
#
#  - `kBlockInsecurePrivateNetworkRequests`
#  - `kPrivateNetworkAccessSendPreflights`
#  - `kPrivateNetworkAccessRespectPreflightResults`
# kPrivateNetworkAccessForWorkers=? # 0

# send sampled pings 
# kSendSampledPingsForProtegoAllowlistDomains=0 # disabled by safebrowsing disabled

# preloading in non active
# kShowExtendedPreloadingSetting=?

# Enables use of Google Mobile Services for password storage. Chrome's local
# database will be unused but kept in sync for local passwords.
kUnifiedPasswordManagerAndroid=0
kUnifiedPasswordManagerShadowWriteOperationsAndroid=0

# Whether to use the leveldb-based page entities metadata provider
kUseLocalPageEntitiesMetadataProvider=0

#########
# v100
#########

# Apply lazy-loading to ad frames which have embeds likely impacting Core Web\nVitals.
kAutomaticLazyFrameLoadingToAds=? # 0

kClientHintsPartitionedCookies=0

# Introduce a new COOP value, Same-Origin-Opener-Policy-Plus-Coep, which grants\ncross-origin isolation. 
# This used mainly for testing the process model and\nshould not be enabled in any production code.
# \nSee https://crbug.com/1221127.
kCoopSameOriginAllowPopupsPlusCoep = ? # 0

# DestroyProfileOnBrowserClose only covers deleting regular (non-System)\nProfiles. 
# This flags lets us destroy the System Profile, as well.
# kDestroySystemProfiles = ? # 0

# If enabled, the client hints cache will be loaded on browser restarts.
kDurableClientHintsCache=0

# Enables the `sec-ch-ua-full` client hint to be sent along with the full user
# agent string in the HTTP request headers, as well as surfacing the full user
# agent string in the JS APIs (navigator.userAgent, etc).
kFullUserAgent=0

# [UrlParamFilter] Add param filtering to server and client redirects
# https://source.chromium.org/chromium/chromium/src/+/480392e193c510a732d3369e0eec65dbf3863ecf
kIncognitoParamFilterEnabled=1

# Allow process isolation of iframes with the 'sandbox' attribute set. Whether
# or not such an iframe will be isolated may depend on options specified with
# the attribute. Note: At present, only iframes with origin-restricted
# sandboxes are isolated.
kIsolateSandboxedIframes=1 # 0 # check ParseWebSandboxPolicy()

# Switches Cross-Origin Read Blocking (CORB) to use an early implementation of
# Opaque Response Blocking (ORB, aka CORB++) behind the scenes.
# This is ORB v0.1 - it doesn't implement the full spec from
# https://github.com/annevk/orb:
# - No Javascript sniffing is done.  Instead the implementation uses all
# of CORB's confirmation sniffers (for HTML, XML and JSON).
# - Blocking is still done by injecting an empty response rather than erroring
# out the network request
# - See other differences in the \"ORB v0.1 vs full ORB differences\" section in
# https://docs.google.com/document/d/1qUbE2ySi6av3arUEw5DNdFJIKKBbWGRGsXz_ew3S7HQ/edit#heading=h.mptmm5bpjtdn
# Implementing ORB in Chromium is tracked in https://crbug.com/1178928
kOpaqueResponseBlockingV01= ?

# Enables the page entities model to be annotated on every page load.
kPageEntitiesPageContentAnnotations=0

# When enabled, certain operations in the HTTP cache are brokered to allow\nthe network process to be sandboxed.
# actually unused
kSandboxHttpCache=?

#########
# v101
#########

# Kill switch for the Topics API.
kBrowsingTopics = 0

# Controls whether the Digital Goods API is enabled.
# https://github.com/WICG/digital-goods/
kDigitalGoodsApi = ? # actually enabled

# Forces the `frame_origin` value in IsolationInfo to the `top_level_origin`
# value when an IsolationInfo instance is created. This is to enable
# expirimenting with double keyed network partitions.
kForceIsolationInfoFrameOriginToTopLevelFrame = 0

# If enabled, the setTimeout(..., 0) will clamp to 4ms after a custom `nesting`
# level.
# Tracking bug: https://crbug.com/1108877.
kMaxUnthrottledTimeoutNestingLevel = 1 # actually disabled

# Allow cross-context transfer of MediaStreamTracks.
kMediaStreamTrackTransfer = ? # actually disabled

# If enabled, Omnibox reports the Assisted Query Stats in the aqs= param in the
# Search Results Page URL.
# https://source.chromium.org/chromium/chromium/src/+/e2ad407421b119f069f44fa4d8f9a01ee2d3ee73
kReportAssistedQueryStats = 0 # actually enabled

# If enabled, Omnibox reports the Searchbox Stats in the gs_lcrp= param in the
# Search Results Page URL.
kReportSearchboxStats = 0 # actually disabled

# Gates sandboxed iframe navigation toward external protocol behind any of:
# - allow-top-navigation
# - allow-top-navigation-to-custom-protocols
# - allow-top-navigation-with-user-gesture (+ user gesture)
# - allow-popups
# Motivation:
# Developers are surprised that a sandboxed iframe can navigate and/or
# redirect the user toward an external application.
# General iframe navigation in sandboxed iframe are not blocked normally,
# because they stay within the iframe. However they can be seen as a popup or
# a top-level navigation when it leads to opening an external application. In
# this case, it makes sense to extend the scope of sandbox flags, to block
# malvertising.
# Implementation bug: https://crbug.com/1253379
# I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/-t-f7I6VvOI
# To be enabled in M103
kSandboxExternalProtocolBlocked = 1 # actually disabled


#########
# v102
#########

# Enables the "About this site" banner.
kAboutThisSiteBanner=?

# Auxiliary search for Android. See http://crbug/1310100 for more details.
kAndroidAuxiliarySearch=? # actually disabled

# Define the allowed websites to use LazyEmbeds. The allowed websites need to
# be defined separately from kAutomaticLazyFrameLoadingToEmbeds because we want
# to gather Blink.AutomaticLazyLoadFrame.LazyEmbedFrameCount UKM data even when
# kAutomaticLazyFrameLoadingToEmbeds is disabled.
kAutomaticLazyFrameLoadingToEmbedUrls=? # actually disabled

# When enabled, cookies cannot have an expiry date further than 400 days in the
# future.
kClampCookieExpiryTo400Days=? # actually disabled

# Enable `save-data` client hint.
kClientHintsSaveData=0 # actually enabled

# Crash the browser process if a child process is created which does not match
# the browser process regardless of whether the browser package appears to have
# changed.
kCrashBrowserOnAnyChildMismatch=1 # actually disabled
kCrashBrowserOnChildMismatchIfBrowserChanged=1 # actually disabled

# Enables service workers on chrome-untrusted:// urls.
kEnableServiceWorkersForChromeUntrusted=0 # actually disabled

# Kill switch for FedCm manifest validation.
# check for content/browser/webid/idp_network_request_manager.cc (cookies enabled)
kFedCmManifestValidation=0 # actually enabled

# When enabled, then we allow partitioned cookies even if kPartitionedCookies
# is disabled only if the cookie partition key contains a nonce. So far, this
# is used to create temporary cookie jar partitions for fenced and anonymous
# frames.
kNoncedPartitionedCookies=? # actually disabled

kPrivacyGuide2=? # actually disabled

# Enables the Chrome Android WebAPK-install service.
kWebApkInstallService=?

# Enables the deprecated syntax for the above \"launch_handler\": {
# \"route_to\": \"existing-client\",
# \"navigate_existing_client: \"always\" | \"never\"
# }
kWebAppEnableLaunchHandlerV1API=?


#########
# v103
#########

kAppServiceCrosApiOnAppsWithoutMojom=?

# Kill switch for computing heuristics other than the active ones
# (GetActivePatternSource()).
# https://chromium-review.googlesource.com/c/chromium/src/+/3613396
kAutofillDisableShadowHeuristics=? # actually disabled

# When enabled, candidate profiles are temporary stored on import, and merged
# with future candidate profiles, to create an importable profile. This makes
# importing from multi-step input flows possible.
# https://source.chromium.org/chromium/chromium/src/+/3600901c30d6878bd8b5c8d08863c4b695827a64
kAutofillEnableMultiStepImports=? # actually disabled

# When enabled, autofill will use the new ranking algorithm for card and
# profile autofill suggestions.
# https://source.chromium.org/chromium/chromium/src/+/d46a36987fff0c4e3c367257f5c66fca965684f0
kAutofillEnableRankingFormula=? # actually disabled

# This experiment sends a list to Chrome of 100 <URL, hash> pairs whose payloads are considered pervasive
# (the "pervasive payloads list"). During the three-week experiment period, if Chrome fetches a payload
# that matches both the URL and its hash on the pervasive payloads list, it is inserted into a local
# single-keyed cache. This payload is then available for use by Chrome when loading pages on other 
# sites that include the matching URL. All other fetches for URLs not on the pervasive payloads
# list are cached according to the existing split HTTP cache.
# https://groups.google.com/a/chromium.org/g/blink-dev/c/9xWJK3IgJb4/m/SYLfUccOBgAJ
kCacheTransparency=? # actually disabled
kPervasivePayloadsList=? # actually disabled

# Feature that when enabled completely removes all Feeds from chrome.
kIsAblated=1 # actually disabled

# Enables configuring the on-device clustering backend.
kOnDeviceClustering=0 # actually enabled

# If enabled, expose non-standard stats in the WebRTC getStats API.
kWebRtcExposeNonStandardStats=0 # actually disabled


#########
# v104
#########

kShoppingList=0

# When enabled, cookies with a non-ASCII domain attribute will be rejected.
kCookieDomainRejectNonASCII=1 # actually disabled

# Introduce a new COOP value: restrict-properties. It restricts window
# properties that can be accessed by other pages. This also grants
# crossOriginIsolated if coupled with an appropriate COEP header.
# This used solely for testing the process model and should not be enabled in
# any production code. See https://crbug.com/1221127.
kCoopRestrictProperties=?

# Whether the pending beacon API is enabled or not.
# https://github.com/darrenw/docs/blob/main/explainers/beacon_api.md
kPendingBeaconAPI=0 # actually disabled

# Enables support for the `Variants` response header and reduce
# accept-language. https://github.com/Tanych/accept-language
# (uazo) need some work in ComputeAcceptLanguage()
kReduceAcceptLanguage=? # actually disabled


#########
# v105
#########

# Create |mScrollState| and |mGestureStateListener| and start sending real-time engagement
# signals through {@link androidx.browser.customtabs.CustomTabsCallback}.
# see CustomTabActivityTabController.maybeStartSendingRealTimeEngagementSignals()
kCCTRealTimeEngagementSignals=0 # actually disabled

# Allow third-party delegation of client hint information.
kClientHintThirdPartyDelegation=1 # actually enabled

# Enable support for isolated web apps. This will guard features like serving
# isolated web apps via the isolated-app:// scheme, and other advanced isolated
# app functionality. See https://github.com/reillyeon/isolated-web-apps for a
# general overview.
kIsolatedWebApps=0 # actually disabled

# see https://bugs.chromium.org/p/chromium/issues/detail?id=1339708
kNetworkServiceMemoryCache=0 # actually disabled

# Enables the Private Aggregation API. Note that this API also requires the
# `kPrivacySandboxAggregationService` to be enabled to successfully send
# reports.
kPrivateAggregationApi=0 # actually disabled

# see https://bugs.chromium.org/p/chromium/issues/detail?id=1288578
kScaryExternalNavigationRefactoring = 0? # actually enabled

# Suppress RTC_LOG which are forwarded both to Chrome logs and WebRTC logs.
kSuppressAllWebRtcLogs = 0 # actually disabled

# Update protocol using ALPN information in HTTPS DNS records
kUseDnsHttpsSvcbAlpn = ? # actually disabled

# Enable the web lockscreen API implementation
# (https://github.com/WICG/lock-screen) in Chrome.
kWebLockScreenApi = ? # actually disabled


#########
# v106
#########

# Gate access to the AnonymousIframe origin trial. This is useful on its own,
# because the OT infrastructure doesn't check Chrome's version. It means token
# generated for the OT applies immediately to every Chrome versions. The
# feature flag allows Chrome developers to restrict the access to the first
# fully supported version.
#
# UAZO: anonymous iframe are active in v106
kAnonymousIframeOriginTrial = ?  # actually enabled

# Accumulates the fetch requests for resources while parsing chunks of HTML so
# they can be evaluated, prioritized and processed as a group rather than as
# they are discovered.
kBatchFetchRequests= ? # actually disabled

# Creates a <double key + is_cross_site> NetworkAnonymizationKey which is used
# to partition the network state. This double key will have the following
# properties: `top_frame_site` -> the schemeful site of the top level page.
# `frame_site ` -> nullopt
# `is_cross_site` -> true if the `top_frame_site` is cross site when compared
# to the frame site. The frame site will not be stored in this key so the value
# of is_cross_site will be computed at key construction. This feature overrides
# `kEnableDoubleKeyNetworkAnonymizationKey` if both are enabled.
kEnableCrossSiteFlagNetworkAnonymizationKey = ? # actually disabled

# Creates a double keyed NetworkAnonymizationKey which is used to partition the
# network state. This double key will have the following properties:
# `top_frame_site` -> the schemeful site of the top level page.
# `frame_site ` -> nullopt
# `is_cross_site` -> nullopt
kEnableDoubleKeyNetworkAnonymizationKey = ? # actually disabled

# If enabled, parser-blocking scripts are loaded asynchronously but the
# execution order is respected. See https://crbug.com/1344772
kForceInOrderScript = ? # actually disabled

# see https://source.chromium.org/chromium/chromium/src/+/main:mojo/core/core.cc;l=121;drc=f97e7e130b02a0fee5a06aa9cdf25d3a0a3715d0;bpv=1;bpt=1
kMojoAvoidRandomPipeId = 0 # actually disabled

# Handle the Link header DNS prefetches and preconnects in the network
# service instead of through the renderer process.
kPreconnectInNetworkService = ? # actually disabled

# Gates the non-standard legacy quota API `window.webkitStorageInfo`
# which is disabled starting M106.
# TODO(crbug.com/695586): Cleanup on or after M108.
kPrefixedStorageInfo = 0 # actually disabled

# see crbug.com/1346305 (internal)
kPrivacySandboxFirstPartySetsUI = ? # actually disabled

#########
# v107
#########

# Whether ALPS parsing is on for client hint parsing specifically.
kAlpsClientHintParsing=1 # actually enabled

# Whether ALPS parsing is on for any type of frame.
# see also https://chromestatus.com/feature/5555544540577792
kAlpsParsing=? # actually enabled

# - kBackForwardCacheSendNotRestoredReasons = {true: {\"requires_origin_trial\":
# false}} to enable the features globally.
# - kBackForwardCacheSendNotRestoredReasons = {true: {\"requires_origin_trial\":
# true}} to enable the features only for execution context with OT token.
# https://bugs.chromium.org/p/chromium/issues/detail?id=1349228
# https://bugs.chromium.org/p/chromium/issues/detail?id=1326344
# https://github.com/rubberyuzu/bfcache-not-retored-reason/blob/main/NotRestoredReason.md#security-and-privacy
kBackForwardCacheSendNotRestoredReasons=0 # actually disabled

kCommerceAllowOnDemandBookmarkUpdates=0 # actually enabled

kHeapProfilerReporting=0 # actually enabled (upload disabled in bromite)

# Enables process isolation of fenced content (content inside fenced frames)
# from non-fenced content. See
# https://github.com/WICG/fenced-frame/blob/master/explainer/process_isolation.md
# for rationale and more details.
# see also https://bugs.chromium.org/p/chromium/issues/detail?id=1123606
# https://docs.google.com/document/d/1HAU9IiHZU4KBPC_rEk3BQYrWTK50PdNGg8CcHhVLXig/edit
kIsolateFencedFrames=? 

# When enabled, allows other features to use the k-Anonymity Service.
# see also https://bugs.chromium.org/p/chromium/issues/detail?id=1342255
kKAnonymityService=?
kKAnonymityServiceOHTTPRequests=?

# ipcz is a replacement for Mojo Core designed to improve a number of things all
# at once, affecting performance, security, and code health
# see also https://bugs.chromium.org/p/chromium/issues/detail?id=1299283
kMojoIpcz = ? # actually disabled

kPermissionOnDeviceGeolocationPredictions=0 # actually disabled

kStorageAccessAPIForSiteExtension=?
kStorageAccessAPI=?


#########
# v108
#########

# Automatically disables accessibility on Android when no assistive
# technologies are present
# see https://bugs.chromium.org/p/chromium/issues/detail?id=1361520
kAutoDisableAccessibilityV2=?

# Kill switch for blocking form submissions redirecting to apps without an
# associated user gesture.
kBlockExternalFormSubmitWithoutGesture=1 # actually enabled

# A tab-under is when a page both opens a popup to some destination (usually where the user wants to go)
# AND navigates the opener page to some third party content (usually an advertisement).
# Chrome will block these navigations and show native UI to the user so they can follow the redirect just in case.
# see https://chromestatus.com/feature/5675755719622656
# https://bugs.chromium.org/p/chromium/issues/detail?id=661629
# https://docs.google.com/document/d/1ewmlwRVPyHUa-o63mubIq5qhdbk_kfqSAhdxmJMKvGc/edit#heading=h.nig13ndwosqb
# https://docs.google.com/document/d/1N-0etmATN6PhQt-m9S8sCgfz88zv8lZ2dBFdqKlzsPg/edit
# https://source.chromium.org/chromium/chromium/src/+/6dd11d28feba8b8003ef16f82b59cc3af4c6136e
kBlockTabUnders=1 # actually disabled

# If enabled, the installability criteria for granting PBS permission is
# dropped and the content setting is checked. This only applies if the
# requesting origin matches that of the browser's default search engine.
kPeriodicSyncPermissionForDefaultSearchEngine=0 # actually disabled



#########
# v109
#########

# Gate access to Attribution Reporting cross app and web APIs that allow
# registering with a native attribution API.
kAttributionReportingCrossAppWeb=0 # actually disabled

# Enables the DIPS (Detect Incidental Party State) feature.
# On by default to allow for collecting metrics. All potentially dangerous
# behavior (database persistence, DIPS deletion) will be gated by params.
# (Incidental parties are sites without meaningful user interactions, such as bounce trackers.)
kFeature=? # actually enabled (kDeletionEnabled is disabled)

# TODO(crbug.com/1370433): Remove this flag eventually.
# When enabled, drag-and-dropped files and directories will be checked against
# the File System Access blocklist. This feature was disabled since it broke
# some applications.
kFileSystemAccessDragAndDropCheckBlocklist=1 # actually disabled

# see https://w3c.github.io/mathml-core/#privacy-considerations
kMathMLCore=? # actually enabled

# Servicify or sandbox getaddrinfo on Linux/ChromeOS
# Enables out-of-process system DNS resolution so getaddrinfo() never runs in
# the network service sandbox. System DNS resolution will instead be brokered
# out over Mojo, likely to run in the browser process.
# https://bugs.chromium.org/p/chromium/issues/detail?id=1312224#c5
# https://source.chromium.org/chromium/chromium/src/+/98b914874c45d92923c8be3063fe5881823ba8ca
kOutOfProcessSystemDnsResolution=1 # actually disabled

kPostMessageFirstPartyToThirdPartyDifferentBucketSameOriginBlocked=1 # actually disabled
kPostMessageFirstPartyToThirdPartyDifferentBucketSameOriginBlockedIfStorageIsPartitioned=1 # actually disabled
kPostMessageThirdPartyToFirstPartyDifferentBucketSameOriginBlocked=1 # actually disabled
kPostMessageThirdPartyToFirstPartyDifferentBucketSameOriginBlockedIfStorageIsPartitioned=1 # actually disabled
kPostMessageThirdPartyToThirdPartyDifferentBucketSameOriginBlocked=1 # actually disabled
kPostMessageThirdPartyToThirdPartyDifferentBucketSameOriginBlockedIfStorageIsPartitioned=1 # actually disabled

# https://bugs.chromium.org/p/chromium/issues/detail?id=1173646
# https://bugs.chromium.org/p/chromium/issues/detail?id=1190167
# https://github.com/w3ctag/design-reviews/issues/721
# https://groups.google.com/a/chromium.org/g/blink-dev/c/3Ga0Y2BEz7E/m/jqSvDoUnBAAJ
SpeculationRulesPrefetchProxy=0 # actually enabled

# Whether to use the new code paths needed to support partitioning Blob URLs.
# This exists as a kill-switch in case an issue is identified with the Blob
# URL implementation that causes breakage.
# TODO(https://crbug.com/1407944): Kill-switch activated - investigate cause of
# increased renderer hangs.
kSupportPartitionedBlobUrl=? # actually disabled, wait for bug resolution

# View transitions.
# See https://www.w3.org/TR/css-view-transitions-1/
kViewTransition=? # actually disabled

# If enabled, ViewTransition API is supported for navigations including
# cross-document transitions.
# See https://drafts.csswg.org/css-view-transitions-1/.
# https://drafts.csswg.org/css-view-transitions-1/#priv
# https://drafts.csswg.org/css-view-transitions-1/#sec
kViewTransitionOnNavigation=? # actually disabled

# Sandbox shouldn't be inherited via document.write.
# see also https://bugs.chromium.org/p/chromium/issues/detail?id=1186311
kWarnSandboxIneffective=1 # actually enabled

# Disable sandbox/security-origin mutation via document.open
# https://bugs.chromium.org/p/chromium/issues/detail?id=1360795
kDocumentOpenSandboxInheritanceRemoval=? # actually disabled

#########
# v110
#########

# Whether Dynamic Features are enabled. CCT Intents can override the feature set
kCCTIntentFeatureOverrides=? # actually enabled

# CCT support for auto-translating to a predefined target language.
# Adds CCT support for auto-translation to a predefined target language
# from allowed packages. This is done via a new intent extra.
kCctAutoTranslate=0 # actually enabled

CrossFramePerformanceTimeline=0 # actually disabled

# By default on Android, when a client is being evicted, it only evicts itself.
# This differs from Destkop platforms which evict the entire FrameTree along
# with the topmost viz::Surface. When this feature is enabled, Android will
# begin also evicting the entire FrameTree.
# see https://bugs.chromium.org/p/chromium/issues/detail?id=1393349
kEvictSubtree=1 # actually disabled
kInnerFrameCompositorSurfaceEviction=1 # actually disabled

# Block drag-drop from some folder
# see https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc;l=258;drc=e14364652369744ed1a8b9c4a582f11833b35aff;bpv=1;bpt=1?q=kBlockedPaths&sq=&ss=chromium%2Fchromium%2Fsrc
FileSystemAccessDragAndDropCheckBlocklist=1 # actually disabled

# Enables automatically upgrading main frame navigations to HTTPS.
# https://bugs.chromium.org/p/chromium/issues/detail?id=1394910
# (note: only flag, no code actually)
kHttpsUpgrades=? # actually disabled

kIncomingCallNotifications=0 # actually disabled

# Enables preprocessing requests with the Private State Tokens API Fetch flags
# set, and handling their responses, according to the protocol.
# (See https://github.com/WICG/trust-token-api.)
kPrivateStateTokens=? # actually disabled


#########
# v111
#########

# Block downloads delivered over insecure transports (i.e. not over HTTPS).
kBlockInsecureDownloads=1 # actually disabled

# Enable WebAssembly JSPI (JavaScript Promise Integration API)
# see https://v8.dev/blog/jspi
kEnableExperimentalWebAssemblyJSPI=? # actually disabled

# Enforce that writeable file handles passed to untrusted processes are not
# backed by executable files.
kEnforceNoExecutableFileHandles=1 # actualy disabled

# TODO(crbug.com/1140805): Remove this flag eventually.
# When enabled, move() supports moving local files (i.e. that do not live in
# the OPFS).
# TAG review: https://github.com/w3ctag/design-reviews/issues/805
kFileSystemAccessMoveLocalFiles=0 # actually enabled

# Enables the new implementation of HTTPS-First Mode.
kHttpsFirstModeV2=? # actually disabled

# Enables reporting ResourceTiming entries for document, who initiated a
# cancelled navigation in one of their <iframe>.
kResourceTimingForCancelledNavigationInFrame=0 # actually enabled


#########
# v112
#########

# Enables ADPF (Android Dynamic Performance Framework) for the browser IO
# thread.
# see https://source.chromium.org/chromium/chromium/src/+/c8842d0ac93a7fd17716bb840d08e0d4b37cdbe6
kADPFForBrowserIOThread=? # actually disabled


#########
# v113
#########

# Enable the click-to-call feature
# https://bugs.chromium.org/p/chromium/issues/detail?id=1418774
kClickToCall=0 # actually disabled

# https://bugs.chromium.org/p/chromium/issues/detail?id=1142516
kFullscreenPopupWindows=? # actually disabled

# Remove Lots of unnecessary mojo calls from network service to browser main thread
# https://bugs.chromium.org/p/chromium/issues/detail?id=1425174
kLessChattyNetworkService=? # actually disabled

# Enable AnimationFrameTimingMonitor, which measures long animation
# frames. Can be used for UKM or for the perofrmance API.
# see PerformanceObserver::supportedEntryTypes
LongAnimationFrameMonitoring=? # actually disabled
LongAnimationFrameTiming=? # actually disabled
kLongAnimationFrameUKM=? # actually disabled

# If enabled, renderers look for cached resources from another renderer
# that has the same process isolation policies. Note that renderers don't
# use cached resources in other rendereres yet, just record histograms.
# See https://crbug.com/1414262
# https://docs.google.com/document/d/1kPVlhMAW7dvo4THf_PsC6ZKf4012_n9lFrhsVpDUjjg/edit
# https://docs.google.com/document/d/1jI-Itz-_kr8euAdZZI_cm0XY18HsIkc18XFiEL32jRQ/edit
kRemoteResourceCache=? # actually disabled