Permissions Policy
ELI5 — The Vibe Check
Permissions Policy is Feature Policy's newer, better version. Same concept — control which browser features your site can use. The syntax changed but the mission is the same: lock down what your page and its embeds can do.
Real Talk
Permissions Policy (formerly Feature Policy) is an HTTP header controlling access to browser features and APIs. It uses the structured header format, for example: camera=(), microphone=(self), geolocation=(self "https://maps.example.com"). The policy applies to the document and can restrict the permissions of embedded iframes.
Show Me The Code
Permissions-Policy: camera=(), microphone=(), geolocation=(self), payment=(self "https://pay.example.com")
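To audit what a header like the one above actually grants, the following added example (not code from the original page) parses the allowlists and checks an origin against them. It is a simplified parser, not a full structured-field implementation; the function names and the page origin `https://app.example.com` are assumptions.

```javascript
// Added example, not from the original page: simplified parser for the
// Permissions-Policy allowlist syntax (not a full structured-field parser).
function parsePermissionsPolicy(headerValue) {
  const policy = new Map();
  // Each member is feature=(item item ...) or feature=*
  const member = /([a-z][a-z0-9-]*)\s*=\s*(\*|\(([^)]*)\))/g;
  for (const [, feature, raw, inner] of headerValue.matchAll(member)) {
    if (raw === "*") {
      policy.set(feature, ["*"]);
      continue;
    }
    // Items are the tokens self / * or double-quoted origins.
    const items = inner.match(/"[^"]*"|[^\s"]+/g) || [];
    policy.set(feature, items.map((item) => item.replace(/^"|"$/g, "")));
  }
  return policy;
}

// Returns true/false when the header lists the feature, or null when it does
// not (the browser then applies that feature's default allowlist).
function headerAllows(policy, feature, origin, selfOrigin) {
  if (!policy.has(feature)) return null;
  const allowlist = policy.get(feature);
  if (allowlist.includes("*")) return true;
  if (origin === selfOrigin && allowlist.includes("self")) return true;
  // Compare serialized origins; "self" is not a URL and never matches here.
  return allowlist.some((entry) => {
    try {
      return new URL(entry).origin === origin;
    } catch {
      return false;
    }
  });
}

// Header value from the page; SELF_ORIGIN is an assumed page origin.
const SAMPLE_HEADER =
  'camera=(), microphone=(), geolocation=(self), payment=(self "https://pay.example.com")';
const SELF_ORIGIN = "https://app.example.com";
const samplePolicy = parsePermissionsPolicy(SAMPLE_HEADER);

for (const [feature, origin] of [
  ["camera", SELF_ORIGIN],
  ["geolocation", SELF_ORIGIN],
  ["geolocation", "https://ads.example.net"], // constructed third-party origin
  ["payment", "https://pay.example.com"],
]) {
  console.log(feature, origin, headerAllows(samplePolicy, feature, origin, SELF_ORIGIN));
}
```

A `null` result means the header is silent on that feature, so an audit should flag it rather than treat it as blocked.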
When You'll Hear This
"Permissions-Policy: camera=() means no page or iframe can access the camera." / "We allow geolocation only for our own origin — third-party scripts can't request it."
Related Terms
Content Security Policy Headers
CSP tells the browser exactly where scripts, styles, images, and other resources are allowed to load from. If a hacker injects a script pointing to evil.
Feature Policy
Feature Policy (now Permissions Policy) controls which browser features your site and embedded iframes can use. Block camera access? Disable geolocation?
Security Headers
Security Headers are HTTP response headers that tell browsers 'here's how to protect my users.