Permissions-Policy Header

Syntax

Permissions-Policy: <directive>=<allowlist>, <directive>=<allowlist>

Directives

Each directive for the Permissions-Policy header has the form <feature>=<allowlist>. The <feature> is the web feature to control, and the allowlist can be any of the following:

  • (self): Feature is allowed on the same origin
  • (): The empty allowlist (none); feature is not allowed on any origin
  • ("<origin>"): Feature is allowed on the specified origin; each origin is written in double quotes, and several origins are separated by spaces

Examples

The following header disables the geolocation API for all sites.

Permissions-Policy: geolocation=()

And this will allow only the same origin to use the microphone.

Permissions-Policy: microphone=(self)

To allow multiple origins to use the camera:

Permissions-Policy: camera=("https://example.com" "https://another-example.com")
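
The following is an added example, not part of the original page: a small Node.js check that parses a Permissions-Policy value into per-feature allowlists and reports entries a browser would not accept, such as unquoted origins or unknown keywords. The function name parsePermissionsPolicy and the sample values are constructed for illustration; the check assumes http(s) origins and does not handle structured-field parameters.

```javascript
// Added example: parse a Permissions-Policy value into per-feature allowlists.
// Accepted forms: feature=(items), feature=*, feature=self, where items are
// the tokens self, src, * or double-quoted http(s) origins (an assumption of
// this sketch; structured-field parameters are not handled).
function parsePermissionsPolicy(value) {
  const policy = {};
  const errors = [];
  // Split on commas that sit outside double-quoted strings.
  const entries = value.match(/(?:"[^"]*"|[^,"])+/g) || [];
  for (const raw of entries) {
    const entry = raw.trim();
    if (!entry) continue;
    const m = /^([a-z][a-z0-9-]*)=(.*)$/.exec(entry);
    if (!m) { errors.push(`not a feature=allowlist pair: ${entry}`); continue; }
    const [, feature, rhs] = m;
    let items;
    if (rhs === '*' || rhs === 'self') {
      items = [rhs];                                   // bare token form
    } else if (/^\(.*\)$/.test(rhs)) {
      items = rhs.slice(1, -1).trim().split(/\s+/).filter(Boolean);
    } else {
      errors.push(`${feature}: allowlist must be (...), * or self, got ${rhs}`);
      continue;
    }
    const bad = items.filter(i => !/^(self|src|\*|"https?:\/\/[^"\s]+")$/.test(i));
    if (bad.length) { errors.push(`${feature}: invalid item(s) ${bad.join(' ')}`); continue; }
    policy[feature] = items.map(i => i.replace(/"/g, '')); // [] means disabled everywhere
  }
  return { policy, errors };
}

// Constructed sample value, not taken from a real site.
const sample = 'geolocation=(), microphone=(self), camera=("https://example.com")';
console.log(JSON.stringify(parsePermissionsPolicy(sample)));
```

An empty array in the returned policy means the feature is disabled for every origin; any string in errors names a directive that should be corrected before the header is deployed.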

Browser Compatibility

Browser    Compatibility
Chrome     Supported
Firefox    Not Supported
Safari     Not Supported
Opera      Supported
Edge       Supported

How to modify Permissions-Policy header

ModHeader is a Chrome extension that allows you to modify HTTP response headers. To use it with the Permissions-Policy header, follow these steps:

  1. Install the ModHeader extension from the Chrome Web Store.
  2. Click the ModHeader icon in the toolbar to open a pop-up window.
  3. In the response headers section, click the 'Add' button.
  4. Enter Permissions-Policy as the 'Name' and the desired directives in the 'Value' box to modify the Permissions-Policy as required.

The main purpose of modifying Permissions-Policy with ModHeader is to test how your site behaves with different permission settings, or to enforce strict security measures from the client's side.