The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC.
Since we’ve shipped Web NFC in Chrome 89, developers have been asking for a way to “lock” NFC tags to prevent malicious users from overwriting their content. See https://github.com/w3c/web-nfc/issues/558 This operation is a one-way process and cannot be reversed. Once an NFC tag has been made read-only, it can't be written anymore. Existing Web NFC restrictions apply to makeReadOnly(): It is only available to top-level frames and secure browsing contexts (HTTPS only). Origins must first request the "nfc" permission while handling a user gesture (e.g. a button click). To then make the NFC tag read-only, the web page must be visible when the user touches an NFC tag with their device, while still handling a user gesture. The browser uses haptic feedback to indicate a tap. Access to the NFC radio is blocked if the display is off or the device is locked. When a page is placed in the background, receiving and pushing NFC content is suspended.
Docs: https://web.dev/nfc/#make-read-only
Samples: https://googlechrome.github.io/samples/web-nfc/
Explainers: https://github.com/w3c/web-nfc/blob/gh-pages/EXPLAINER.md https://github.com/w3c/web-nfc/pull/636