The Controlled Frame API, available to certain isolated contexts such as Isolated Web Apps (IWAs), allows an app to embed and manipulate arbitrary content.
Please see https://github.com/WICG/controlled-frame for details.
Setting the policy to 1 or leaving it unset allows Isolated Web App origins to use the Controlled Frame.
Setting the policy to 2 blocks Isolated Web App origins from using the Controlled Frame.