The Compute Pressure API provides a way for websites to react to changes in the CPU pressure of the target device, such that websites can trade off resources for an improved user experience.


Modern applications often need to balance the trade offs and advantages of fully utilizing the system's computing resources, in order to provide a modern and delightful user experience.

As an example, many applications can render video effects with varying degrees of sophistication. These applications aim to provide the best user experience, while avoiding driving the user's device into a high pressure regime.

Utilization of [=processing units=] close to and often reaching 100% can lead to a bad user experience, as different tasks are fighting for the processing time. This can lead to slowless, which is especially noticeable with input delay. Further, a prolonged utilization close 100% can cause the [=processing units=] to heat up due to prolonged boosting, which can lead to throttling, resulting in an even worse user experience.

As a result of thermal limits, many smartphones, tablets and laptops can become uncomfortably hot to the touch. The fans in laptops and desktops can become so loud that they disrupt conversations or the users’ ability to focus.

In many cases, a device under high pressure appears to be unresponsive, as the operating system may fail to schedule the threads advancing the task that the user is waiting for. See also Use Cases.

A Note on Feature Detection

This section is non-normative.

Feature detection is an established web development best practice. Resources on the topic are plentiful on- and offline and the purpose of this section is not to discuss it further, but rather to put it in the context of detecting hardware-dependent features.

Consider the below feature detection examples:


This specification defines the following concepts:

Processing Units

Computing devices consist of a multitude of different processing units such as the Central Processing Unit (CPU), the Graphics Processing Unit (GPU) and many specialized processing units. The latter are becoming popular such as ones designed to accelerate specific tasks like machine learning or computer vision.

Supported sources

The specification currently defines the supported source types as global system thermals and the central [=processing unit=], also know as the CPU. Future levels of this specification MAY introduce additional [=source types=].

      enum PressureSource { "thermals", "cpu" };

The PressureSource enum represents the [=supported source types=]:

Sampling and Reporting Rate

The sampling rate for a [=platform collector=] is defined as a rate at which the [=user agent=] obtains telemetry readings from the underlying platform, and it might differ from the pressure observers' [=requested sampling rates=].

The reporting rate for a pressure observer is the rate at which it runs the [=data delivery=] steps.

The [=sampling rate=] differs from the [=requested sampling rate=] when the [=requested sampling rate=] exceeds upper or lower sampling rate bounds supported or accepted by the underlying platform and [=user agent=].

It is recommended that the [=user agent=] limits the [=reporting rate=] as outlined in [[[#rate-limiting-change-notifications]]].

In case the user didn't request a [=sampling rate=], the [=sampling rate=] is [=implementation-defined=].

Platform primitives

The [=platform collector=] refers to a platform interface, with which the [=user agent=] interacts to obtain the telemetry readings required by this specification.

A [=platform collector=] can be defined by the underlying platform (e.g. in a native telemetry framework) or by the [=user agent=], if it has a direct access to hardware counters.

A [=platform collector=] can support telemetry for different source types of computing devices defined by {{PressureSource}}, or there can be multiple [=platform collectors=].

From the implementation perspective [=platform collector=] can be treated as a software proxy for the corresponding hardware counters. It is possible to have multiple [=platform collector=] simultaneously interacting with the same underlying hardware if the underlying platform supports it.

In simple cases, a [=platform collector=] represents individual hardware counters, but if the provided counter readings are a product of data fusion performed in software, the [=platform collector=] represents the results of the data fusion process. This may happen in user space or in kernel space.

As collecting telemetry data often means polling hardware counters, it is not a free operation and thus, it should not happen if there are no one observing the data. See [[[#life-cycle]]] for more information.

A [=platform collector=] samples data at a specific rate. A [=user agent=] may modify this rate (if possible) for privacy reasons, or ignore and fuse certain readings.

User notifications

It is RECOMMENDED that a [=user agent=] show some form of unobtrusive notification that informs the user when a pressure observer is active, as well as provides the user with the means to block the ongoing operation, or simply dismiss the notification.

Policy control

The Compute Pressure API defines a [=policy-controlled feature=] identified by the token "compute-pressure". Its [=policy-controlled feature/default allowlist=] is `["self"]`.

Internal Slot Definitions

Each [=global object=] has:

A registered observer consists of an observer (a {{PressureObserver}} object).

A constructed {{PressureObserver}} object has the following internal slots:

The [=user agent=] additionally has a max queued records integer, which is set to an [=implementation-defined=] value, greater than 0.

Pressure States

Pressure states represents the minimal set of useful states that allows websites to react to changes in compute and system pressure with minimal degration in quality or service, or user experience.

    enum PressureState { "nominal", "fair", "serious", "critical" };

The PressureState enum represents the [=pressure state=] with the following states:

Contributing Factors

Contributing factors represent the underlying hardware metrics contributing to the [=current pressure state=] and can be [=implementation-defined=].

The change in contributing factors is substantial steps are as follows:

  1. If [=implementation-defined=] low-level hardware metrics that contribute to the [=current pressure state=] drop below or exceed an, per metric, [=implementation-defined=] threshold for the [=current pressure state=], return true.
  2. Return false.

Pressure Observer

The Compute Pressure API enables developers to understand the pressure of system resources such as the CPU.

The PressureUpdateCallback callback

    callback PressureUpdateCallback = undefined (
      sequence<PressureRecord> changes,
      PressureObserver observer
This callback will be invoked when the [=pressure state=] changes.

The PressureObserver object

The {{PressureObserver}} can be used to observe changes in the [=pressure states=].

    [Exposed=(DedicatedWorker,SharedWorker,Window), SecureContext]
    interface PressureObserver {
      constructor(PressureUpdateCallback callback, optional PressureObserverOptions options = {});

      Promise<undefined> observe(PressureSource source);
      undefined unobserve(PressureSource source);
      undefined disconnect();
      sequence<PressureRecord> takeRecords();

      [SameObject] static readonly attribute FrozenArray<PressureSource> supportedSources;

The PressureObserver interface represents a {{PressureObserver}}.

The constructor() method

The `new` {{PressureObserver(callback, options)}} constructor steps are:

  1. Set |this|.{{PressureObserver/[[Callback]]}} to |callback:PressureUpdateCallback|.
  2. If |options|["sampleRate"] is less than or equal to 0, throw a {{RangeError}}.
  3. Set |this:PressureObserver|.{{PressureObserver/[[SampleRate]]}} to |options|["sampleRate"].

The observe() method

The {{PressureObserver/observe(source)}} method steps are:

  1. Let |document:Document| be [=this=]'s [=relevant settings object=]'s [=associated Document=].
  2. If |document| is not null and is not [=allowed to use=] the [=policy-controlled feature=] token "compute-pressure", return [=a promise rejected with=] {{NotAllowedError}}.
  3. Let |promise:Promise| be [=a new promise=].
  4. Let |pendingPromiseTuple| be (|source|, |promise|).
  5. [=list/Append=] |pendingPromiseTuple| to [=this=].{{PressureObserver/[[PendingObservePromises]]}}.
  6. [=promise/React=] to |promise|:
    • If |promise| was [=resolved|fulfilled=] or [=rejected=], then:
      1. [=list/Remove=] |tuple| from [=this=].{{PressureObserver/[[PendingObservePromises]]}}.
  7. Run the following steps [=in parallel=]:
    1. If |source:PressureSource| is not a [=supported source type=], [=queue a global task=] on the [=PressureObserver task source=] given |document|'s [=relevant global object=] |relevantGlobal| to reject |promise| {{NotSupportedError}} and abort these steps.
    2. Activate [=data delivery=] of |source| data to |relevantGlobal|.
    3. [=Queue a global task=] on the [=PressureObserver task source=] given |document|'s [=relevant global object=] |relevantGlobal| to run these steps:
      1. If |promise| was rejected, run the following substeps:
        1. If |relevantGlobal|'s [=registered observer list=] for |source| is [=list/empty=], deactivate [=data delivery=] of |source| data to |relevantGlobal|.
        2. Return.
      2. [=list/Append=] a new [=registered observer=] whose [=observer=] is [=this=] to |relevantGlobal|'s [=registered observer list=] for |source|.
      3. Resolve |promise|.
  8. Return |promise|.

The unobserve() method

The {{PressureObserver/unobserve(source)}} method steps are:

  1. If |source:PressureSource| is not a [=supported source type=], throw {{"NotSupportedError"}}.
  2. [=list/Remove=] from |this|.{{PressureObserver/[[QueuedRecords]]}} all |records| associated with |source|.
  3. [=map/Remove=] |this|.{{PressureObserver/[[LastRecordMap]]}}[|source|].
  4. [=list/For each=] (|promiseSource|, |pendingPromise|) of [=this=].{{PressureObserver/[[PendingObservePromises]]}}, if |source| is equal to |promiseSource|, [=reject=] |pendingPromise| with an {{AbortError}}.
  5. Let |relevantGlobal| be [=this=]'s [=relevant global object=].
  6. Remove any [=registered observer=] from |relevantGlobal|'s [=registered observer list=] for |source| for which [=this=] is the [=registered observer=].
  7. If the above [=registered observer list=] is [=list/empty=], deactivate [=data delivery=] of |source| data to |relevantGlobal|.

The disconnect() method

The {{PressureObserver/disconnect()}} method steps are:

  1. [=list/Empty=] |observer|.{{PressureObserver/[[QueuedRecords]]}}.
  2. [=map/Clear=] |this|.{{PressureObserver/[[LastRecordMap]]}}.
  3. [=list/For each=] (|promiseSource|, |pendingPromise|) of [=this=].{{PressureObserver/[[PendingObservePromises]]}}, [=reject=] |pendingPromise| with an {{AbortError}}.
  4. Let |relevantGlobal| be [=this=]'s [=relevant global object=].
  5. Remove any [=registered observer=] from |relevantGlobal|'s' [=registered observer list=] for all supported [=source types=] for which [=this=] is the [=observer=].
  6. If the above [=registered observer list=] is [=list/empty=], deactivate [=data delivery=] of |source| data to |relevantGlobal|.

The takeRecords() method

The {{PressureObserver/takeRecords()}} method steps are:

  1. Let |records| be a [=list/clone=] of |observer|.{{PressureObserver/[[QueuedRecords]]}}.
  2. [=list/Empty=] |observer|.{{PressureObserver/[[QueuedRecords]]}}.
  3. Return |records|.

The supportedSources attribute

The {{PressureObserver/supportedSources}} attribute is informing on the [=supported source type=] by the [=platform collector=].

The {{PressureObserver/supportedSources}} getter steps are:

  1. Let |sources| be a [=list=] of |source:PressureSource|.
  2. Return |observer|'s frozen array of supported [=source types=].

The PressureRecord interface

    [Exposed=(DedicatedWorker,SharedWorker,Window), SecureContext]
    interface PressureRecord {
      readonly attribute PressureSource source;
      readonly attribute PressureState state;
      readonly attribute DOMHighResTimeStamp time;
      [Default] object toJSON();

A constructed {{PressureRecord}} object has the following internal slots:

The source attribute

The {{PressureRecord/source}} [=getter steps=] are to return its {{PressureRecord/[[Source]]}} internal slot.

The state attribute

The {{PressureRecord/state}} [=getter steps=] are to return its {{PressureRecord/[[State]]}} internal slot.

The time attribute

The {{PressureRecord/time}} [=getter steps=] are to return its {{PressureRecord/[[Time]]}} internal slot.

The toJSON member

When {{PressureRecord.toJSON}} is called, run [[[WebIDL]]]'s [=default toJSON steps=].

The PressureObserverOptions dictionary

    dictionary PressureObserverOptions {
      double sampleRate = 1.0;

The sampleRate member

The {{PressureObserverOptions/sampleRate}} member represents the requested sampling rate expressed in Hz, ie. it represents the number of samples requested to be obtained from the hardware per second. The [=reporting rate=] will never exceed the [=requested sampling rate=].

Life-cycle and garbage collection

Each [=global object=] has a strong reference to [=registered observers=] in their [=registered observer list=] (one per source).

Processing Model

This section outlines the steps the user agent must take when implementing the specification.

Supporting algorithms

The passes privacy test steps given the argument |observer:PressureObserver| and its [=relevant global object=] |relevantGlobal|, are as follows:
  • If |relevantGlobal| is a {{WorkerGlobalScope}} object:
    1. If |relevantGlobal|'s relevant worker is not a active needed worker, return false.
    2. Otherwise, return true.
  • If |relevantGlobal| is a {{Window}} object:
    1. If |relevantGlobal|'s [=associated document=] is not [=Document/fully active=], return false.
    2. [=list/For each=] |origin| in initiators of active Picture-in-Picture sessions:
      1. If |relevantGlobal|'s [=relevant settings object=]'s [=origin=] is [=same origin-domain=] with |origin|, return true.
    3. If |relevantGlobal|'s [=browsing context=] is [=context is capturing|capturing=], return true.
    4. Let |topLevelBC| be |relevantGlobal|'s [=browsing context=]'s [=top-level browsing context=].
    5. If |topLevelBC| does not have [=top-level traversable/system focus=], return false.
    6. Let |focusedDocument| be the |topLevelBC|'s currently focused area's [=Node/node document=].
    7. If |relevantGlobal|'s [=relevant settings object=]'s [=origin=] is [=same origin-domain=] with |focusedDocument|'s [=origin=], return true.
    8. Otherwise, return false.
The passes rate test steps given the argument |observer:PressureObserver|, |source:PressureSource| and |timestamp:DOMHighResTimeStamp|, are as follows:
  1. If |observer|.{{PressureObserver/[[LastRecordMap]]}}[|source|] does not [=map/exist=], return true.
  2. Let |record:PressureRecord| be |observer|.{{PressureObserver/[[LastRecordMap]]}}[|source|].
  3. Let |sampleRate| be |observer|.{{PressureObserver/[[SampleRate]]}}.
  4. Let |timeDeltaMilliseconds:DOMHighResTimeStamp| = |timestamp| - |record|.{{PressureRecord/[[Time]]}}.
  5. Let |intervalSeconds| = 1 / |sampleRate|.
  6. If (|timeDeltaMilliseconds| / 1000) ≥ |intervalSeconds|, return true, otherwise return false.
The has change in data steps given the argument |observer:PressureObserver|, |source:PressureSource|, |state:PressureState|, are as follows:
  1. If |observer|.{{PressureObserver/[[LastRecordMap]]}}[|source|] does not [=map/exist=], return true.
  2. Let |record:PressureRecord| be |observer|.{{PressureObserver/[[LastRecordMap]]}}[|source|].
  3. If |record|.{{PressureRecord/[[State]]}} is not equal to |state| and [=change in contributing factors is substantial=] returns true, return true.
  4. Return false.

Data delivery

[=Data delivery=] from a [=platform collector=] can be activate and deactivated in an [=implementation-defined=] manner per [=source type=] and [=global object=].

The data delivery steps that are run when an [=implementation-defined=] |data| sample of [=source type=] |source:PressureSource| is obtained from [=global object=] |relevantGlobal|'s [=platform collector=], are as follows:

  1. Let |source:PressureSource| be the [=source type=] of the |data| sample.
  2. Let |state:PressureState| be an [=implementation-defined=] state given |data| and |source|.
  3. Let |timestamp:DOMHighResTimeStamp| be a timestamp representing the time the |data| was obtained from the |relevantGlobal|'s [=platform collector=].
  4. [=list/For each=] |observer:PressureObserver| in |relevantGlobal|'s [=registered observer list=] for |source|:
    1. If running [=passes privacy test=] with |observer| returns false, [=iteration/continue=].
    2. If running [=passes rate test=] with |observer|, |source| and |timestamp| returns false, [=iteration/continue=].
    3. If running [=has change in data=] with |observer|, |source| and |state| returns false, [=iteration/continue=].
    4. Run [=queue a record=] with |observer|, |source|, |state| and |timestamp|.

Queue a PressureRecord

To queue a record given the arguments |observer:PressureObserver|, |source:PressureSource|, |state:PressureState| and |timestamp:DOMHighResTimeStamp|, run these steps:

  1. Let |record:PressureRecord| be a new {{PressureRecord}} object with its {{PressureRecord/[[Source]]}} set to |source|, {{PressureRecord/[[State]]}} set to |state| and {{PressureRecord/[[Time]]}} set to |timestamp|.
  2. If [=list/size=] of |observer|.{{PressureObserver/[[QueuedRecords]]}} is greater than [=max queued records=], then [=list/remove=] the first [=list/item=].
  3. [=list/Append=] |record| to |observer|.{{PressureObserver/[[QueuedRecords]]}}.
  4. Set |observer|.{{PressureObserver/[[LastRecordMap]]}}[|source|] to |record|.
  5. [=Queue a pressure observer task=] with |observer|'s [=relevant global object=].

Queue a Pressure Observer Task

The PressureObserver task source is a [=task source=] used for scheduling tasks to [[[#notify-observers]]].

To queue a pressure observer task given |relevantGlobal| as input, run these steps:

  1. If the |relevantGlobal|'s [=pressure observer task queued=] is true, then return.
  2. Set the |relevantGlobal|'s [=pressure observer task queued=] to true.
  3. [=Queue a global task=] on [=PressureObserver task source=] with |relevantGlobal| to [=notify pressure observers=].

Notify Pressure Observers

To notify pressure observers given |relevantGlobal| as input, run these steps:

  1. Set |relevantGlobal|'s [=pressure observer task queued=] to false.
  2. Let |notifySet| be a new [=set=] of all [=observers=] in |relevantGlobal|’s [=registered observer lists=].
  3. [=list/For each=] |observer:PressureObserver| of |notifySet|:
    1. Let |records| be a [=list/clone=] of |observer|.{{PressureObserver/[[QueuedRecords]]}}.
    2. [=list/Empty=] |observer|.{{PressureObserver/[[QueuedRecords]]}}.
    3. If |records| is not [=list/empty=], then invoke |observer|.{{PressureObserver/[[Callback]]}} with |records| and |observer|. If this throws an exception, catch it, and [=report the exception=].

Handling change of fully active

When a {{Document}} |document| is no longer [=Document/fully active=], deactivate [=data delivery=] of data of all [=supported source types=] to |document|'s [=relevant global object=].

When a worker with associated {{WorkerGlobalScope}} |relevantGlobal| is no longer an active needed workers, deactivate [=data delivery=] of data of all [=supported source types=] to |relevantGlobal|.

When a {{Document}} |document| becomes [=Document/fully active=], for each non-[=list/empty=] [=registered observer list=] associated the [=source type=] |source|, activate [=data delivery=] of |source| data to |document|'s [=relevant global object=].

When a worker with associated {{WorkerGlobalScope}} |relevantGlobal| becomes an active needed workers, for each non-[=list/empty=] [=registered observer list=] associated the [=source type=] |source|, activate [=data delivery=] of |source| data to |document|'s [=relevant global object=].

Handle unloading document and closing of workers

When a worker with associated {{WorkerGlobalScope}} |relevantGlobal|, once |relevantGlobal|'s [=WorkerGlobalScope/closing=] flag is set to true, deactivate [=data delivery=] for all [=supported source types=] to |relevantGlobal|.

As one of the [=unloading document cleanup steps=] given {{Document}} |document|, deactivate [=data delivery=] for all [=supported source types=] to |document|'s [=relevant global object=].

Security and privacy considerations

Please consult the Security and Privacy Self-Assessment based upon the [[security-privacy-questionnaire]].

Minimizing information exposure

Exposing hardware related events related to low -level details such as exact CPU utilization or frequency increases the risk of harming the user's privacy.

To mitigate this risk, no such low level details are exposed.

The subsections below describe the processing model. At a high level, the information exposed is reduced by the following steps:

  1. Rate-limiting - The user agent notifies the application of changes in the information it can learn. Change notifications are rate-limited.
  2. Same-origin context - The feature is only available in same-origin contexts by default, but can be extended to third-party contexts such as iframes via a permission policy.

Rate-limiting change notifications

We propose exposing the pressure state via rate-limited change notifications. This aims to remove the ability to observe the precise time when a value transitions between two states.

More precisely, once the pressure observer is activated, it will be called once with initial values, and then be called when the values change. The subsequent calls will be rate-limited. When the callback is called, the most recent value is reported.

The specification will recommend a rate limit of at most one call per second for the active window, and one call per 10 seconds for all other windows. We will also recommend that the call timings are jittered across origins.

These measures benefit the user's privacy, by reducing the risk of identifying a device across multiple origins. The rate-limiting also benefits the user's security, by making it difficult to use this API for timing attacks. Last, rate-limiting change callbacks places an upper bound on the performance overhead of this API.

Rate limiting can be implemented in the user agent, but it might also be possible to simply change the polling/sampling rate of the underlying hardware counters, if not accessed via a higher level framework.

No side-channels

It is possible to identify users across non-[=same origin=] sites if unique or very precise values can be accessed at the same time by sites not sharing origin.

If the same [=pressure state=] and timestamp is observed by two origins, that would be a good indication that the origin is used by the same user on the same machine. For this reason, the API limits reporting [=pressure state=] changes to one origin at the time.

A common way to do this, is only to report changes to the focused page, but one of the main users of this API are video conferencing sites. These sites want to make sure that the video streams and effects doesn't negatively affect the system and thus the conferencing experience - but there are two common cases where the site will usually not be focused:

  • The user is taking meeting notes and the site is in the background. Commonly the video stream is only visible via a picture-in-picture window.
  • The user is sharing an external application window such as a presentation, or sharing the whole screen, unusually with some UI indicating sharing is happening.
For this reason, the API considers these two cases to have higher priority than whether the site is focused.

Same-origin contexts

By default data delivery is restricted to documents served from the same-origin as an initiator of an active picture-in-picture-session, documents [=context is capturing|capturing=] or the document with [=top-level traversable/system focus=], if any.

The documents qualifying for data delivery, under the above rules, can delegate it to documents in [=child navigables=].


    const samples = [];

    function pressureChange(records, observer) {
      for (const record of records) {

        // We only want 20 samples.
        if (samples.length == 20) {

    const observer = new PressureObserver(pressureChange);

In the following example we want to lower the number of concurrent video streams when the pressure becomes critical. For the sake of simplicity we only consider this one state.

As lowering the amount of streams might not result in exiting the critical state, or at least not immediately, we use a strategy where we lower one stream at the time every 30 seconds while still in the critical state.

We accomplish this by making sure the callback is called at least once every 30 seconds, or when the state actually changes. When the state changes we reset the interval timer.

    let timerId = -1;
    function pressureChange(records) {
      // Clear timer every time we are called, either by an actual state change,
      // or when called by setTimeout (see below).
      if (timerId > 0) {

      // When entering critical state, we want to recheck every 30sec if we are
      // still in critical state and if so, further reduce our concurrent streams.
      // For this reason we create a timer for 30 seconds that will call us back
      // with the last result in there were no change.
      const lastRecordArray = [ - 1)];
      timerId = setTimeout(pressureChange.bind(this, lastRecordArray), 30_000);

      for (const record of records) {
        if (record.state == "critical") {
          let streamsCount = getStreamsCount();

    const observer = new PressureObserver(pressureChange);

In the following example, we want to demonstrate the usage of {{PressureObserver/takeRecords()}}, by retrieving the remaining |records| accumulated since the the callback was last invoked.

It is recommended to do so before {{PressureObserver/disconnect()}}, otherwise {{PressureObserver/disconnect()}} will clear them and they will be lost forever.

For example, we might want to measure the pressure during a benchmarking workload, and thus want pressure telemetry for the exact duration of the workload. This means disconnecting all observers immediately when the task is completed, and manually requesting any pending pressure telemetry up to this point that might not have been delivered yet as part of the event loop cycle.

    function logWorkloadStatistics(records) {
      // do something with records.

    const observer = new PressureObserver(logWorkloadStatistics);

    // Read pending state change records, otherwise they will be cleared
    // when we disconnect.
    const records = observer.takeRecords();


In the following example, we show how to tell the observer to stop watching a specific |source:PressureSource| by invoking {{PressureObserver/unobserve()}} with |source|.

    const observer = new PressureObserver(records => { /* do something with records. */ });


    // Callback now gets called whenever the pressure state changes for 'cpu' or 'gpu'.


    // Callback now only gets called whenever the pressure state changes for 'cpu'.

In the following example, we show how to tell the observer to stop watching for any state changes by calling {{PressureObserver/disconnect()}}. Calling {{PressureObserver/disconnect()}} will stop observing all sources observed by previous {{PressureObserver/observe()}} calls.

Additionally it will clear all pending records collected since the last callback was invoked.

    const observer = new PressureObserver(records => { // do something with records. });

    // some time later...


    // records will be an empty array, because of the previous disconnect().
    const records = observer.takeRecords();

This specification defines conformance criteria for a single product: a user agent that implements the interfaces that it contains.


Many thanks for valuable feedback and advice from Anssi Kostiainen, Asaf Yaffe, Chen Xing, Evan Shrubsole, François Beaufort, Jan Gora, Jesse Barnes, Joshua Bell, Kamila Hasanbega, Matt Menke, Moh Haghighat, Nicolás Peña Moreno, Opal Voravootivat, Paul Jensen, Peter Djeu, Raphael Kubo da Costa, Reilly Grant, Ulan Degenbaev, Victor Miura, Wei Wang, and Zhenyao Mo

Thanks to the W3C Privacy Interest Group (PING) and especially Peter Snyder for the privacy review and feedback.

Special thanks to Amanda Zhao, Fidel Tian, Zhiliang Wang and others from the Zoom engineering team for the feedback and hands-on experiments that have helped improve this API in real-world scenarios.