Table of Contents

Key Features


Even though the control is promoted and supported only for Visual Basic 6.0 SP6, it is compatible with any OLE/COM capable Integrated Development Environments and x86 programming language. The following programming languages and IDE are reported to be compatible with WebKitX:

WebKitX Architecture

WebKitX CEF3 ActiveX is a light-weight MFC ATL component for use with OLE/COM Programming Languages. At runtime the ActiveX starts CEF3XClient.exe process, passing to it its Window Handle (hWnd). 

CEF3XClient Process starts CEF3 Browser and Render sub-processes and establishes a seamless back-to-back Interprocess Communication Mechanism (IPC) between the ActiveX and all CEF3 processes. Chrome Browser is parented in ActiveX hWnd but lives in its own process.

All COM-based method and property calls between the ActiveX and CEF3XClients are marshalled using CoWaitForMultipleHandles, allowing your application's UI to be responsive. For time-consuming tasks, such as URL loading, COM events provide you callbacks when the tasks are finished. 

The important aspect of this architecture design is that all WebKit HTML5 rendering and V8 JavaScript execution are taking place outside your application, offering your application stability and isolation.

Getting Started


Download WebKitX setup package and install it in a place like C:\Program Files (x86)\WebKitX CEF3 ActiveX  for x86 Application Development, or in a place like C:\Program Files\WebKitX CEF3 ActiveX for x64 Application Development. The ActiveX registers itself in Windows Registry and requires permissions to do so, so please make sure you run the installation by choosing Run as administrator.

Before the installation starts, the setup program will check if your Workstation requires Visual C++ 2017 Runtimes, and install it if it does. Depending on your Operating System, its Service Pack and WebKitX bundle, a different C++ redistributable might be installed. Please have a look further below in Commercial Distribution chapter for information about redistributing your application with WebKitX runtimes.


You are welcome to evaluate WebKitX for as long as you want and feel free to contact us with your questions, your suggestions and your bounties!  During evaluation, when opening a URL and at random intervals WebKitX displays a notification window informing you that it is a commercial product and that it requires a License, but it wont prevent you from using all its features.

Loading Sequence

WebKitX provides several Events during its initialization, creation of the browser and loading of a URL. First you need to set the licensing information by handling the early Form Loading or Creation event. Then you can control CEF Browser creation by handling the OnCreate event. Once the browser is ready it will emit the the OnBrowserReady event where you can enable JavaScript or HTML5 editing parameters. In OnBrowserReady you should also load the HTML5 markup or navigate to the URL you want to load. During loading WebKitX will fire several loading events such as OnLoadStart and OnLoadEnd. If you are loading HTML with frames (IFRAMEs) then some events will fire multiple times, such as OnPageLoadStart and OnPageLoadEnd. When the main frame is loaded WebKitX will fire OnLoadEnd and when all frames have loaded WebKitX will fire the OnPageComplete event.

When you receive the OnLoadEnd and OnPageLoadEnd events, it means that network-wise the contents have downloaded but HTML-wise the contents might not be fully parsed yet. In HTML terms this means that document.readyState value might not not set to complete. Pages in window or sub frames might be in interactive state and resources might be loading in the background. The only event that guarantees that the main window frame and all sub-frames have document.readyState = complete is OnPageComplete. Internally, WebKitX uses an asynchronous task that checks the document.readyState for all frames; if this check result is "complete" with a count equal to browser frames, then the event is fired. If some frames have loaded while other frames have failed, the event will not fire. The check takes place on a fresh HTML DOM snapshot obtained every time at the moment of the check, and examines the current number of frames. The frames must remain unchanged for 3 seconds before the event is fired; this way, any dynamic loading or unloading of frames is taken into account.

Please note that some frameworks such as Angular and React dynamically load portions of the page. WebKitX events will keep firing while dynamic content is downloaded. You need to examine the behavior of the control in relation with the web site you want to display and adjust your event handling accordingly.

Getting Started with Visual Basic 6.0

Creating a Simple Browser Application

Start Visual Basic 6.0 and create a new Standard EXE Application.

Right-click on the Toolbox and select Components... in the Popup Menu.

In Components dialogue select and check mobileFX WebKitX CEF3 ActiveX and click OK.

The component will appear on the Toolbox as illustrated below.

Select the component from the Toolbox and draw it on the Form. Your Developer UUID will be displayed on the control's canvas and on control Properties.


First you must activate WebKitX ActiveX by providing your License Key. If you are using early binding, a good place to do that is on Form_Load event. If you are using late binding you are advised to activate the control straight after its creation. This step applies only to license owners. During trial evaluation of WebKitX you may skip it.

WebKitX1_OnCreate(Settings, CommandLineSwitches)

Next you may control the creation of CEF3 Browser and Client Processes. OnCreate event provides you a Settings object that controls CEF3 Application and CEF3 Browser creation and initialization settings. The recommended defaults are preset in this object but you may want to provide your own settings such as Localization, Cache paths, Security settings, etc. The second parameter is CommandLineSwitches that are additional CEF3 preferences and even JavaScript flags that you want to provide to CEF3 Client Processes. 

For a list of command line switches please have a look here:

Default WebKitX CEF3 Command Line Switches


OnBrowserReady event notifies you that CEF3 processes and WebKitX control have been successfully created and the Interprocess Communication Mechanism (IPC) is established. At this point you can define secondary behavioral parameters such as focus control, formatting APIs, script downloading control, etc. but most importantly after OnBrowserReady event you can successfully start loading URLs for browsing or editing.


OnLoadEnd event is fired when your URL is completely downloaded. At this point you can enable HTML5 Editing or Preview (Browsing) and set the HTML DOM events you want WebKitX to subclass for every HTML Element on the document. After you receive this event you can start using the Selection and Formatting APIs.

Getting Started with C#

Creating a Simple Browser Application

Start Visual Studio .NET and create a new C# Windows Forms Application.

Right-click on Project References and select Add Reference...

Select COM tree node and type webkitx on search textbox; the list will display mobileFX WebKitX CEF3 ActiveX. Check the checkbox next to it and click OK.

The control will appear in the Toolbox as illustrated below.

Drag the control on the Form. On the control's canvas will appear the Developer UUID of your Workstation. Send it by email to

Create an event handler for the Form's Load event.

In Form_Load event handler, enter your activation information as illustrated below.

Switch back to Form Designer and create an event handler for the OnBrowserReady event.

Activate Scripts and open the URL you wish to browse.

Compile and Run!

WebKitX 64-bit Application Development with C#

To enable 64-bit application development both 32-bit and 64-bit versions of WebKitX ActiveX must be installed on your development Workstation.

WebKitX 32-bit ActiveX Registry Verification:

WebKitX 64-bit ActiveX Registry Verification:

In the Simple Browser example above, Visual Studio C# project is set to Any CPU and by default it will compile a 32-bit application. When you run Simple Browser, you will notice in Task Manager that both SimpleBrowser.exe and CEF3XClient.exe processes are 32-bit.

To enable 64-bit application compilation you need to define a new Solution Platform. Go to Solution Platforms drop-down and select Configuration Manager...

In Configuration Manager, in the Active Solution platform drop-down, select <New...> and in the New Solution Platform dialogue enter x64. Click OK and Close to return to Visual Studio IDE.

The 64-bit x64 Solution Platform is now active; you can hit Run to compile and run the 64-bit Simple Browser application.

When you run Simple Browser, you will notice in Task Manager that both SimpleBrowser.exe and CEF3XClient.exe processes are now 64-bit.

Please note that if you close the IDE while the x64 Solution Platform is selected, the next time you will try to load your Project the IDE will default to 64-bit and it will fail to load the Form Designer. Visual Studio Form Designer works only with 32-bit ActiveX Controls. So, just make sure you select Any CPU before your save and close your project.

WebKitX API programming in C#EXPERIMENTAL

As of version 2.x WebKitX ActiveX ships with C# samples for both x32 and x64 architectures. The IDL COM API of WebKitX is using OLE/COM Variants for passing data back and forth to the ActiveX. In C# the Variant data type is not available but you may substitute it with object array like the example below:

Behavior Configuration IMPORTANT NOTES

Enabling JavaScript 

Please note that in WebKitX downloading script tags is disabled by default because in editor mode JavaScript execution often messes with HTML5 styles, especially if you are using features such as Parallax Scrolling and JavaScript-aided responsive layouts. If you want to download and execute JavaScript you must explicitly enable it using  WebKitX1.DownloadScripts = True in OnBrowserReady() event handler, as illustrated in code fragment below. 

As a side note, in editor mode of WebKitX you can execute JavaScript at run-time using Eval, AddScript, AddCode and ExecuteCommand methods, even if DownloadScripts is false. The key difference is download-time and run-time JavaScript execution and WebKitX DownloadScripts parameter controls download-time JavaScript and not run-time JavaScript.

Setting HTML5 by code at Runtime

WebKitX offers your two ways to load HTML: either by WebKitX.Open() method or by WebKitX.HTML property. Please note that providing a URL is recommended for successfully downloading relative resources such as Images, Style Sheets, Scripts, etc. If however you need to use the WebKitX.HTML property you first need to set a fake-but-valid URL and BaseURL. Chromium Embedded Framework Browser requires a valid URL page before you can inject HTML and/or JavaScript by code at run-time. To do so please use the WebKitX.URL and WebKitX.BaseURL properties before you use the WebKitX.HTML property.

Disabling GPU

In WebKitX GPU Hardware Acceleration is enabled by default. However, there are cases that you might need to host your application in a Virtualized environment such as VMware, Citrix or Virtual Box where GPU emulation is not available. You may disable GPU by handling the OnCreate() event and adding --disable-gpu --disable-webgl --disable-3d-apis --disable-gpu-compositing in CommandLineSwitches and setting Settings.webgl = False.

Setting CEF3 Preferences at Runtime

WebKitX offers GetPreference() and SetPreference() methods to read / modify CEF3 preferences at run-time. Please note that setting preferences causes CEF browser to recreate and it is time-costly, so use it with caution, especially when synchronizing WebKitX HTML with a Code Editor (like HTML5 Pad does). For example to enable / disable Spell Checking, WebKitX uses an internal Boolean latch in order to avoid browser recreation and you should use WebKitX1.SpellChecking = true instead of SetPreference("browser.enable_spellchecking", "true").

For a list of preference please have a look here:

WebKitX Plugins

WebKitX plugins are disabled by default. To enable plugins you need to handle the OnCreate event and set Settings.plugins = True as illustrated below:

PDF Viewer Plugin

When plugins are disabled PDF files will download as regular files rather than render on the screen. To enable PDF Viewer you need to handle the OnCreate event and set Settings.plugins = True.

Flash Player Plugin

To enable Flash player you need to download a x86 version of pepflashplayer.dll and provide the path to it by setting the Settings.flash_player_dll_path property in OnCreate() event, as illustrated below. If you copy the DLL in the ActiveX folder then you do not need to provide the full path. If you decide to install the DLL in a different folder you should provide the path with forward slashes (unix-style paths).

Chrome DevTools Plugin

Chrome DevTools is a set of web developer tools built directly into the Google Chrome browser. DevTools can help you diagnose problems quickly, which ultimately helps you build better websites, faster. To show built-in DevTools use the WebKitX.ShowDevTools(0) command.

Calling JavaScript

Calling JavaScript Functions by Name - CallByName()

The simplest way to call a JavaScript function in WebKitX is WebKitX.CallByName(Name, Variant) method. You can pass to JavaScript function arbitrary arguments using an OLE/COM Variant, and receive the function's result value, as an OLE/COM Variant too. Execution of CallByName is IPC-synchronous and this method is an elegant alternative to WebKitX.Eval() code as you can pass back-and-forth your variables without stringifying them. For more information about this mechanism have a look in OLE/COM Variants to V8 Values Conversion.

Calling JavaScript Functions for a Specific Execution Context -  JSCallback()

WebKitX JavaScript Callbacks is a mechanism to register and call JavaScript functions by name, within a specific V8 JavaScript Execution Context. The key difference from CallByName() is that CallByName can only invoke functions registered in the Global Scope of the Main Window, where as JavaScript Callbacks allow you to call functions registered in any scope and window.

Registering JavaScript Callbacks

Each frame in a browser window has its own V8 context. The context defines the scope for all variables, objects and functions defined in that frame. WebKitX allows you to register a JavaScript callback in a V8 context using window.register(name, callback, this) method. The first argument is the string name of the function, the second is the function callback and the 3rd optional parameter is the execution context. If the 3rd parameter is not defined then the global object is assumed.

Invoking JavaScript Callbacks

To invoke the JavaScript callback you simply need to call WebKitX.JSCallback(name, params, async) method passing the name of the JavaScript function you want to invoke and a Variant with the arguments. For critical real-time applications you should set async parameter to True, which executes the IPC call synchronously. The result depends on the JavaScript function and can be either a scalar value or a variant array of variants.

OLE/COM Variants to V8 Values Conversion EXPERIMENTAL

WebKitX has a powerful OLE/COM Variant to Google V8 Value bi-directional converter that works both for Scalar and Array values, including nested array values (arrays of arrays of variants). This conversion mechanism is available to any WebKitX method transmitting and/or returning an OLE/COM Variant, such as CallByName(), JSCallBack() and DispatchEvent().

WebKitX can serialize variant scalars VT_BSTR, VT_UINT, VT_INT, VT_NULL, VT_BOOL, VT_R4, VT_R8, VT_CY, VT_DATE as well as variant safearray of variants VT_ARRAY|VT_VARIANT and even typed arrays VT_ARRAY|VT_BSTR, VT_ARRAY|VT_UINT, VT_ARRAY|VT_INT, VT_ARRAY|VT_BOOL, VT_ARRAY|VT_R4, VT_ARRAY|VT_R8, VT_ARRAY|VT_CY, VT_ARRAY|VT_DATE to Google V8 value objects. Currently serialization of VT_DISPATCH is not supported and therefore you cannot pass OLE/COM Objects to JavaScript.

On the OLE/COM side, to pass multiple arguments to a JavaScript callback function you need to wrap them in a Variant Array of Variants.

On the JavaScript side, you can return V8 Scalar or V8 Array values to OLE/COM side, including nested V8 Arrays. WebKitX can serialize V8 scalar Boolean, Number, String, Null, Date values and Array of [Boolean or Number or String or Null or Date or Array] V8 values. Google V8 Arrays are always returned as Variant Arrays of Variants.

On the receiving OLE/COM side the scalars are converted to a Variant of equivalent scalar type and Arrays are converted into a Variant Array of Variants.

HTML5 DOM to COM Events

Selector based API

WebKitX provides you access to  HTML5 DOM through a robust  CSS3 selector-based API (Selector example td:nth-of-type(3) > span:first-child Selectors are used as arguments in editing and styling method calls and as targets in events. The ActiveX provides the selector of the currently selected element and the begin and end nodes of the current selection: ActiveElement, SelAnchorElement, SelFocusElement.

Asynchronous DOM to COM Events

HTML5 DOM Events are generated by WebKit Blink Engine and are copied into an immutable format before they are transmitted from CEFXClient process to WebKitX ActiveX. Once WebKitX ActiveX receives an event notification through IPC, it fires a COM Event with the copied data of HTML DOM event. Thus, CEFXClient process does not block waiting for your client code to handle the event. WebKitX DOM Events are Immutable, meaning that you can only read event data but you cannot cancel events, stop them from bubbling or prevent default behavior. 

Synchronous DOM to COM Events

WebKitX as of version supports synchronous DOM to COM events by implementing CefMessageRouter circuit. Events generated from WebKit Blink Engine are serialized and passed from Rendering to Browser process, which transmits them to the ActiveX. The browser process waits for the ActiveX to handle the event, where you can also cancel event bubble or prevent event's default behavior.

Please note that blocking Inter-process Communication (IPC) between 3 processes is not advisable for casual event handling and you should do so only if you need to cancel specific events. Synchronous DOM to COM Events are thread-safe and care has been placed in order to support this feature seamlessly in single-threaded Applications without deadlocks. For that purpose, synchronous events are serialized using mutex synchronization on entry, meaning that synchronous events occupy the IPC channel one at a time. Please contact us for more implementation details or if you need a different handling of DOM to COM events.

Listening to DOM Events

You can use addEventListener and removeEventListener for attaching and detaching on HTML DOM events. WebKitX offers two methods:

The signature of the public methods is defined by OnEvent() event which is:

EventData are a JSON string representation of DOM Event:

{ "eventName": "click", "eventType": "[object MouseEvent]", "altKey": false, "bubbles": true, "button": 0, "buttons": 0, "cancelBubble": false, "cancelable": true, "clientX": 86, "clientY": 178, "composed": true, "ctrlKey": false, "currentTarget": "", "defaultPrevented": false, "detail": 1, "eventPhase": 1, "fromElement": "", "isTrusted": true, "layerX": 86, "layerY": 178, "metaKey": false, "movementX": 0, "movementY": 0, "offsetX": 86, "offsetY": 89, "originalTarget": "", "pageX": 86, "pageY": 178, "path": "#lga", "relatedTarget": "", "returnValue": true, "screenX": 566, "screenY": 415, "shiftKey": false, "srcElement": "#lga", "sourceCapabilities": {}, "target": "#lga", "timeStamp": 8625.205000000002, "toElement": "#lga", "type": "click", "which": 1, "x": 86, "y": 178, "region": null, }
{ "eventName": "mousemove", "eventType": "[object MouseEvent]", "altKey": false, "bubbles": true, "button": 0, "buttons": 0, "cancelBubble": false, "cancelable": true, "clientX": 136, "clientY": 1, "composed": true, "ctrlKey": false, "currentTarget": "", "defaultPrevented": false, "detail": 0, "eventPhase": 1, "fromElement": "", "isTrusted": true, "layerX": 136, "layerY": 1, "metaKey": false, "movementX": -1, "movementY": -2, "offsetX": 136, "offsetY": 1, "originalTarget": "", "pageX": 136, "pageY": 1, "path": "#viewport", "relatedTarget": "", "returnValue": true, "screenX": 616, "screenY": 238, "shiftKey": false, "srcElement": "#viewport", "sourceCapabilities": {}, "target": "#viewport", "timeStamp": 276604.28, "toElement": "#viewport", "type": "mousemove", "which": 0, "x": 136, "y": 1, "region": null, }

DOM Events Handling Example

WebKitX Events Sample demonstrates handling DOM events and reading values from Input elements. In the following code fragment are demonstrated the three (3) different methods you can use. The generic method, the AddressOf method that requires a Module, and the IDispatch method that requires an Object. The sample loads a INPUT element and a BUTTON and when you click the button it fires an event which is handled by VB6. The event handler code in VB6 uses WebKitX API to read the value of the INPUT.

Firing Custom HTML5 Events - DispatchEvent()

WebKitX DispatchEvent() method allows you to fire DOM events directly into JavaScript and handle those events by JavaScript event handlers. You can pass the target selector that will receive the event, the event name, event initialization parameters (bubbling, cancelable, composed) and an OLE/COM Variant that will be converted into a V8 JavaScript object and added in the details field of the Event object. Event execution can be both synchronous and asynchronous in terms of IPC tunneling, and it is always synchronous in terms of DOM.

WebKitX HTML5 Editor

There are some best practices when using WebKitX as an HTML5 Editor:

Disabling JavaScript download

Disabling scripts downloading is advisable when using WebKitX as an Editor because JavaScript execution often messes with HTML5 styles, especially if you are using features such as Parallax Scrolling and JavaScript-aided responsive layouts.

Detecting Edit Mode from JavaScript

There are cases where your JavaScript code might need to detect if WebKitX is in Edit mode. To do that simply read window.__WEBKITX_EDITABLE__ variable. You should wrap Google Analytics and Google Tags Manager initialization code inside a conditional block and download Google scripts (or any other script) by URL, as illustrated below:

Getting HTML Source

To retrieve HTML5 source as a String you can use WebKitX.HTML property. 

Getting XHTML Source

You can configure WebKitX to return XHTML instead of HTML by setting Settings.enable_xml_html = true in OnCreate() event handler. This setting enables DOM parsing by XMLSerializer that trans-codes your HTML into XML. The output results in better structured and faster parsed documents but XMLSerializer also encodes the source code of <script> elements; in particular  XMLSerializer HTML-Encodes any Entity Character such as ampersand (&) to &amp;, less than (<) to &lt;, grater than (>) to &gt;, etc. You should make sure that all your <script> elements are referenced and not embedded.

Using WebKitX with MDI Forms

MDI Forms in most programming languages suffer from flickering effects. When using WebKitX in an MDI child Form, you may notice rendering problems when MDI children overlap each other during resizing or moving. To treat this problem you need to add WebKitX.SetMDIWindow(hWND) in every MDI child Form that uses WebKitX control. The call installs a window sub-class hook that detects WM_WINDOWPOSCHANGING and  WM_MOVING messages and repaints the entire MDI Form. In order to avoid further flickering and redundant repaints, WebKitX uses Timer that absorbs repeated WM_WINDOWPOSCHANGING and WM_MOVING messages. For SetMDIWindow() to work, the WebKitX control must be directly placed inside an MDI Child Form and must not be contained inside another control (such as a TabStrip).

Overlapping Form Controls (re-positioning / re-z-indexing)

When you place WebKitX control inside a TabStrip control you must control its Visibility in order to avoid rendering problems. Most TabStrip controls during page selection, instead of toggling the visibility of the pages and/or their contained controls, they simply re-position the inactive controls in a non-visible area or re-position the controls along the z-axis. However, CEF3 window is an out-of-process overlay window on-top of WebKitX COleControl window and re-positioning or re-z-indexing form controls can cause rendering problems to WebKitX and other controls in your form too.

To avoid this problem as of version WebKitX does not resize/re-position CEF3 browser window if WebKitX control is invisible (WebKitX.Visible = False). However, there is a best practice you must follow in order to achieve the desired behavior: you need to control WebKitX visibility by code, as illustrated below. Also, we have added WebKitX.SetAutoResize(Enable) method to explicitly enable or disable CEF3 resize/re-position. Please note that to force WebKitX / CEF3 to resize/re-position after they become visible again, you must call WebKitX.Repaint() method.

The problem described does not appear only with TabStrip controls; the same defect appears if you have custom control layouting implementation in your Forms that re-positions controls or re-indexes controls z-index.

Content Filtering EXPERIMENTAL


WebKitX Content Filtering is a mechanism that allows you to remove HTTP Response Headers, such as Content Security Policy (CSP) response header, and alter or remove Cross Origin Resource Sharing (CORS) response header. WebKitX implements in CEF3 Client I/O Thread a custom Resource Handler that intercepts normal HTTP and HTTPS requests and spawns a light-weight object that downloads the resource instead. Once the HTTP Response Headers for a particular resource are available, they are being filtered-out and passed to the IO thread for further processing. 

This mechanism works for the following HTTP methods: GET, POST, HEAD, DELETE and PUT, and works for any MIME type resource. WebKitX content filtering works both with HTTP and HTTPS requests, meaning that it works perfectly with server-side SSL encryption, but it does not work if client-side SSL authentication is enabled. Please read further below for more information about Microsoft IIS Client SSL certificate configuration.

Overwrite Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. A web application makes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own origin.

An example of a cross-origin request: The frontend JavaScript code for a web application served from uses XMLHttpRequest to make a request for

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request HTTP resources from the same origin the application was loaded from, unless the response from the other origin includes the right CORS headers.

The CORS mechanism supports secure cross-origin requests and data transfers between browsers and web servers. Modern browsers use CORS in an API container such as XMLHttpRequest or Fetch to help mitigate the risks of cross-origin HTTP requests.

This cross-origin sharing standard is used to enable cross-site HTTP requests for:

To enable CORS, you need to configure your web server to return the Access-Control-Allow-Origin HTTP header:
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: <origin>

In WebKitX you can overwrite web server's Access-Control-Allow-Origin  by handling the OnCreate() event and setting Settings.filter_response = true and Settings.access_control_allow_origin to "*" or the domain you wish to allow.

Overwrite Content Security Policy (CSP)

WebKitX due to JavaScript injection features and extensive use of eval() requires Content Security Policy (CSP) to be suppressed. If you try to load a URL with CSP enabled in WebKitX, it will result in a series of error messages related to unsafe-eval, like the one below:

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP is designed to be fully backward compatible. Browsers that don't support it still work with servers that implement it, and vice-versa: browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content. If the site doesn't offer the CSP header, browsers likewise use the standard same-origin policy.

To enable CSP, you need to configure your web server to return the Content-Security-Policy HTTP header (sometimes you will see mentions of the X-Content-Security-Policy header, but that's an older version and you don't need to specify it anymore).

In WebKitX you can overwrite web server's Content-Security-Policy by handling the OnCreate() event and setting Settings.filter_response = true and Settings.remove_response_headers to "x-webkit-csp,content-security-policy,x-content-security-policy". The same feature can be used to remove any other response header.

Some sites stop loading after enabling Content Filtering

WebKitX Content Filtering features and SSL Client Certificate enabled on your Web Server cannot work together. You must either disable WebKitX Content Filtering or disable SSL Client Certificate on your Web Server, as illustrated below:

Page Encoding problems with early implementation of Content Filtering

CEF 3.3202.1692 ignores Content-Type charset option when using custom CefResourceHandler, causing pages such as or to render with unreadable characters. [bug link]. To treat this problem, WebKitX Content Filtering enforces UTF-8 BOM insertion in text/plain, text/html, application/json, application/javascript, application/ecmascript, text/css, text/xml MIME types. Please note that the bug appears only if content filtering is enabled and does not affect normal (unfiltered) browsing or editing. The plan about this bug is to switch to newer version of CEF3 on January 2019.

Loading with content filtering with version

Loading with content filtering with version (Sep 2018) and later:

Commercial Distribution

Commercial License Activation

If you own a commercial license of WebKitX ActiveX control, you need to add in your program your License Key. By doing so, the component will supress licensing messages at run-time (when compiled). Add this line in your code: WebKitX1.ActivateCommercial "your@email", "your_commercial_license_key"

Developer Workstation Activation

If you own a commercial license of WebKitX ActiveX control, you need to send us the Developer UUID of the control and we will issue a Design-Time activation code for your licensed workstation. By doing so, the component will suppress licensing messages at design-time (when coding). The Developer UUID can be found printed on the canvas of the control; it can also be copy-pasted into an email from the properties window of your IDE by seleting the control and browsing its properties. Add this line in your code: WebKitX1.ActivateWorkstation "your_workstation_key"

Finding your Developer UUID

In some programming languages such as PowerBuilder, Delphi, Embarcadero RAD Studio, when placing the control on the Form does not display the Developer UUID. To find your Workstation's Developer UUID for WebKitX, locate the DeveloperUUID.exe program in WebKitX installtion folder and run it.

Commercial Distribution

Creating a setup script to install WebKitX on a different computer should be straight-forward:

  1. For x86 your script must copy the files of the C:\Program Files (x86)\WebKitX CEF3 ActiveX\bin folder to the other computer.
    The destination folder is irrelevant and can be anywhere you choose.
  2. For x64 your script must copy the files of the C:\Program Files\WebKitX CEF3 ActiveX\bin folder to the other computer.
    The destination folder is irrelevant and can be anywhere you choose.
  3. For x86 your script must run Microsoft Visual C++ 2015 Redistributable Package (x86) for the Windows OS and Service Pack bundle of the other computer.
    For detailed information please see the WebKitX Runtime Dependencies paragraph above.
  4. For x64 your script must run Microsoft Visual C++ 2015 Redistributable Package (x64) for the Windows OS and Service Pack bundle of the other computer.
    For detailed information please see the WebKitX Runtime Dependencies paragraph above.
  5. Your script must register WebKitX ActiveX into the Windows Registry using this command: regsvr32 /s WebKitXCEF3.ocx
  6. If your product does not use Chrome DevTools, you may skip devtools_resources.pak to decrease size.
  7. If your product uses Flash Player you should add Pepper Flash Player.

WebKitX Runtime Dependencies

WebKitX requires Microsoft C++ Runtime. During installation WebKitX setup will automatically install Microsoft C++ Redistributable Package for the following list of Windows Operating Systems:

The latest supported Visual C++ downloads by Microsoft

.NET Redistributables (for C# samples)

Visual Basic 6.0 Redistributables (for VB Samples);en-us;290887

General Trouble Shooting

WebKitX installation Fails

If during WebKitX installation you get an error message that WebKitXCEF3.ocx and cmax40.dll failed to register, it most certainly means that  Microsoft x86 C++ 2015 Redistributable Package failed to automatically install because the Windows OS version and/or its current Service Pack are not compatible with the included Microsoft x86 C++ 2015 Redistributable Package. You are advised to download Microsoft x86 C++ 2015 Redistributable Package for you Operating System and Service Pack bundle, and install it manually.

Nothing Paints on my Form

WebKitX ActiveX provides OLE Control Host Window Handle (HWND) to Chromium Embedded Framework (CEF3), which in turn paints the HTML5 composite image to the OLE Control Host Device Context (HDC). This mechanism requires you to Disable Double Buffering Features of the Host Form or OLE Control Host. Furthermore please make sure you set the scale mode of your Host Form or OLE Control Host to Pixels.

I get unsafe-eval error messages

WebKitX due to JavaScript injection features and extensive use of Eval() requires Content Security Policy (CSP) to be suppressed. If you try to load a site with CSP enabled in WebKitX, it will result in a series of error messages related to unsafe-eval. Please refer to Content Filtering article above for information how to by-pass CSP in WebKitX.

My web site does not load properly

JavaScript in WebKitX is disabled by default and as a result most sites will not load properly. Please handle the OnBrowserReady event and enable JavaScript by setting WebKitX1.DownloadScripts = True.

My web site does not load at all

WebKitX Content Filtering features and SSL Client Certificate enabled on your Web Server cannot work together, by design. You must either disable WebKitX Content Filtering or disable SSL Client Certificate on your Web Server. Please note this has nothing to do with HTTPS. For more information please refer to Content Filtering chapter.

WebKitX SamplesWebKitX HTML5 Editor (VB6)

This is a simple, yet complete, sample of WebKitX CEF3 ActiveX control. The sample is shipped both as Visual Basic 6 source code project, as well as a complete binary bundle that includes CodeMax Editor ActiveX and CEF3 binaries. The sample demonstrates all WebKitX advanced features including FrontPage-like selection synchronization between HTML5 Designer and Source Editor, Table Editing, Selector API, and advanced CSS3 styling. The binary bundle can be used as a royalties-free stand-alone HTML5 Editor.

Simple Browser (VB6)

This sample demonstrates the WebKitX Browser. You can embed WebKitX in your applications with just 3 lines of code!