← Back to Security Headers

Permissions-Policy

Controls which browser features and APIs can be used in your site.

Permissions-Policy

Purpose

Restricts access to powerful browser APIs, reducing attack surface and improving privacy.

Implementation

Disable or allow specific features:

```
Permissions-Policy: geolocation=(), microphone=(), camera=()
```

Examples

geolocation=(), microphone=(), camera=()
payment=(self)
accelerometer=(), gyroscope=()

Best Practices

✓Disable features you don't need
✓Use self for same-origin only
✓Review and test feature usage

Common Mistakes

✗Not setting the header
✗Allowing unnecessary features
✗Breaking legitimate functionality

Related Headers

Content-Security-Policy

References

MDN Web Docs →

Test Your Configuration

Run a free security scan to check if Permissions-Policy is properly configured on your site.