# [Self-Review Questionnaire: Security and Privacy](https://w3ctag.github.io/security-questionnaire/) This questionnaire has [moved](https://w3ctag.github.io/security-questionnaire/). For your convenience, a copy of the questionnaire's questions is quoted here in Markdown, so you can easily include your answers in an [explainer](https://github.com/w3ctag/w3ctag.github.io/blob/master/explainers.md). > 01. What information does this feature expose, > and for what purposes? > 02. Do features in your specification expose the minimum amount of information > necessary to implement the intended functionality? > 03. Do the features in your specification expose personal information, > personally-identifiable information (PII), or information derived from > either? > 04. How do the features in your specification deal with sensitive information? > 05. Do the features in your specification introduce state > that persists across browsing sessions? > 06. Do the features in your specification expose information about the > underlying platform to origins? > 07. Does this specification allow an origin to send data to the underlying > platform? > 08. Do features in this specification enable access to device sensors? > 09. Do features in this specification enable new script execution/loading > mechanisms? > 10. Do features in this specification allow an origin to access other devices? > 11. Do features in this specification allow an origin some measure of control over > a user agent's native UI? > 12. What temporary identifiers do the features in this specification create or > expose to the web? > 13. How does this specification distinguish between behavior in first-party and > third-party contexts? > 14. How do the features in this specification work in the context of a browser’s > Private Browsing or Incognito mode? > 15. Does this specification have both "Security Considerations" and "Privacy > Considerations" sections? > 16. Do features in your specification enable origins to downgrade default > security protections? > 17. What happens when a document that uses your feature is kept alive in BFCache > (instead of getting destroyed) after navigation, and potentially gets reused > on future navigations back to the document? > 18. What happens when a document that uses your feature gets disconnected? > 19. What should this questionnaire have asked?