permissions_​policy

Version: v2025-01-13Includes use: Yes

Behavior name: Permissions-Policy

Manages whether your page and its embedded iframes can access various browser features that affect end-user privacy, security, and performance.

Use this together with request_client_hints.

Default behavior

These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.

data "akamai_property_rules_builder" "permissions_policy" {
  rules_v2025_02_18 {
    name     = "Permissions-Policy"
    comments = "Manages whether your page and its embedded iframes can access various browser features that affect end-user privacy, security, and performance."
    behavior {
      permissions_policy {
        allow_list = ""
        permissions_policy_directive = []
      }
    }
  }
}
"behaviors": [
  {
    "name": "permissionsPolicy",
    "options": {
    "allowList": "",
    "permissionsPolicyDirective": []
  }
  }
]

Options

Option Description
permissions_policy_directive
Each directive represents a browser feature. Specify the ones you want enabled in a client browser that accesses your content. You can add custom entries or provide pre-set values from the list. For more details on each value, see the guide section for this behavior. Possible values are:
  • battery
  • camera
  • ch-ua
  • ch-ua-arch
  • ch-ua-bitness
  • ch-dpr
  • ch-ua-full-version-list
  • ch-ua-mobile
  • ch-ua-model
  • ch-ua-platform
  • ch-ua-platform-version
  • ch-viewport-width
  • ch-width
  • device-memory
  • display-capture
  • downlink
  • ect
  • fullscreen
  • geolocation
  • microphone
  • rtt
allow_list
The features you've set in permissions_policy_directive are enabled for domains you specify here. They'll remain disabled for all other domains. Separate multiple domains with a single space. To block the specified directives from all domains, set this to none. This generates an empty value in the Permissions-Policy header.