Permissions Policy is a standard mechanism which allows Web applications or Websites to restrict which browser APIs can be used on a webpage.

It is strongly encouraged to configure a Permissions Policy on your website, in order to limit the ability of attackers to access sensible information about your visitors.

The notion of Permissions Policy is being developped since 2019 and is already available in major browsers, though all of them do not necessiraly support all the permissions features (see a compatibility matrix on Mozilla Developer Network to learn more).

We have compiled a list of all the currently defined features that can be explicitly enabled or restricted on a web page. In this list, we mark as "experimental" the ones that are only supported by one of the major browser vendors.

The Permissions Policy header assistant

How to install this recipe on my website with

Installing this recipe on your website requires the following steps:

In order to enable Permissions Policy on your website, please choose the features that you want to block on your website, allow, or enable in retricted mode only. If you do not define a value for a given feature, then the default behavior will apply.