Permissions-Policy HTTP Header
Permissions-Policy
Accepted Values
Permissions are defined with a name and value, and are seperated by a comma.
- accelerometer
Control access to accelerometer.
accelerometer=<policy>- ambient-light-sensor
Control access to ambient light sensor.
ambient-light-sensor=<policy>- autoplay
Allow access to autoplay media.
autoplay=<policy>- battery
Control access to battery API.
battery=<policy>- camera
Control access to camera.
camera=<policy>- ch-ua
Control access to the user agent branding and version
ch-ua=<policy>- ch-ua-arch
Control access to the user agent architecture.
ch-ua-arch=<policy>- ch-ua-bitness
Control access to the user agent bitness.
ch-ua-bitness=<policy>- ch-ua-full-version
Control access to the user agent full version.
ch-ua-full-version=<policy>- ch-ua-mobile
Control access to the user agent mobile experience.
ch-ua-mobile=<policy>- ch-ua-model
Control access about the user agent device.
ch-ua-model=<policy>- ch-ua-platform
Control access to the user agent platform.
ch-ua-platform=<policy>- ch-ua-platform-version
Control access to the user agent platform version.
ch-ua-platform-version=<policy>- clipboard-read
Control access to clipboard reading.
clipboard-read=<policy>- clipboard-write
Control access to clipboard writing.
clipboard-write=<policy>- display-capture
Control access to display capture devices.
display-capture=<policy>- document-domain
Control whether page can set document.domain.
document-domain=<policy>- encrypted-media
Control access to encrypted media extensions API.
encrypted-media=<policy>- execution-while-not-rendered
Control if tasks should execute in a frame if hidden.
execution-while-not-rendered=<policy>- execution-while-out-of-viewport
Control if tasks should execute if frame is out of viewport.
execution-while-out-of-viewport=<policy>- fullscreen
Control access to fullscreen API.
fullscreen=<policy>- gamepad
Control access to gamepad API.
gamepad=<policy>- geolocation
Control access to geo location API.
geolocation=<policy>- gyroscope
Control access to gyroscope API.
gyroscope=<policy>- interest-cohort
Control access to Federated Learning of Cohorts.
interest-cohort=<policy>- layout-animations
Control whether page can show layout animations.
layout-animations=<policy>- legacy-image-formats
Control access to legacy image formats.
legacy-image-formats=<policy>- magnetometer
Control access to magnetometer API.
magnetometer=<policy>- microphone
Control access to microphone device.
microphone=<policy>- midi
Control access to MIDI API.
midi=<policy>- navigation-override
Control access to page spatial navigation.
navigation-override=<policy>- oversized-images
Control download and display of large images.
oversized-images=<policy>- payment
Control access to payment request API.
payment=<policy>- picture-in-picture
Control access to picture-in-picture mode.
picture-in-picture=<policy>- publickey-credentials-get
Control access to web authentication API.
publickey-credentials-get=<policy>- screen-wake-lock
Control access to screen wake lock API.
screen-wake-lock=<policy>- speaker-selection
Control access to speaker selection API.
speaker-selection=<policy>- sync-xhr
Control access to XMLHttpRequests.
sync-xhr=<policy>- usb
Control access to web USB API.
usb=<policy>- vr
Control access to WebVR API.
vr=<policy>- web-share
Control access to Navigator.share API.
web-share=<policy>- xr-spatial-tracking
Control access to WebXR API.
xr-spatial-tracking=<policy>
- ()
- Feature is disabled.
- *
- Allowed on this page and all nested contexts of any origin.
- (<domains>)
- A space seperated list of domains for which permission is given. The special value 'self' refers to the current page and all nested contexts on the same origin.