Note that this is an enterprise policy and not something a website can enable, only your computer's administrator (you on your personal device, a school admin or employer in the intended case)
The difference between an enterprise device management feature and a web API are... pretty massive.
It doesn't seem particularly unreasonable that a company dealing with sensitive data would want to prevent their less computer-educated employees from falling for self-XSS attacks
