The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features.

Motivation

The Feature Policy API was recently renamed to "Permissions Policy", and the HTTP header has been renamed along with it. At the same time, the community has settled on a new syntax, based on Structured Field Values for HTTP.

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Enabled by default (tracking bug) in:

  • Chrome for desktop release 88
  • Chrome for Android release 88
  • Android WebView release 88

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-05-18