securityheaders.fyi
Permissions

Permissions-Policy

Build a config with this header →

Permissions-Policy (formerly Feature-Policy) lets you switch off browser features your site doesn't need — camera, microphone, geolocation, payment, USB, and more — so injected or embedded content can't abuse them. Each feature listed with an empty allowlist () is disabled for everyone, including your own origin. Toggle on the features you want to deny below. MDN

Example

Permissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=()

Options

OptionTypeDefaultNotes
deny multitoggle (accelerometer / autoplay / camera / display-capture / fullscreen / geolocation / gyroscope / magnetometer / microphone / midi / payment / usb) geolocation, microphone, camera, payment, usb Each selected feature is denied to all origins via feature=().

Scoring

Contributes up to 5 points to your grade .

Full specification on MDN ↗