permissions_policy

Suggest Edits

Version: `v2025-01-13`	Includes use: Yes

Behavior name: Permissions-Policy

Manages whether your page and its embedded iframes can access various browser features that affect end-user privacy, security, and performance.

Use this together with request_client_hints.

Default behavior

These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.

data "akamai_property_rules_builder" "permissions_policy" {
  rules_v2025_02_18 {
    name     = "Permissions-Policy"
    comments = "Manages whether your page and its embedded iframes can access various browser features that affect end-user privacy, security, and performance."
    behavior {
      permissions_policy {
        allow_list = ""
        permissions_policy_directive = []
      }
    }
  }
}

"behaviors": [
  {
    "name": "permissionsPolicy",
    "options": {
    "allowList": "",
    "permissionsPolicyDirective": []
  }
  }
]

Options

Option Description

Option	Description
`permissions_policy_directive`	String array Each directive represents a browser feature. Specify the ones you want enabled in a client browser that accesses your content. You can add custom entries or provide pre-set values from the list. For more details on each value, see the guide section for this behavior. Possible values are: `battery` `camera` `ch-ua` `ch-ua-arch` `ch-ua-bitness` `ch-dpr` `ch-ua-full-version-list` `ch-ua-mobile` `ch-ua-model` `ch-ua-platform` `ch-ua-platform-version` `ch-viewport-width` `ch-width` `device-memory` `display-capture` `downlink` `ect` `fullscreen` `geolocation` `microphone` `rtt`
`allow_list`	String The features you've set in `permissions_policy_directive` are enabled for domains you specify here. They'll remain disabled for all other domains. Separate multiple domains with a single space. To block the specified directives from all domains, set this to `none`. This generates an empty value in the `Permissions-Policy` header.

permissions_policy_directive

String array

Each directive represents a browser feature. Specify the ones you want enabled in a client browser that accesses your content. You can add custom entries or provide pre-set values from the list. For more details on each value, see the guide section for this behavior. Possible values are:

battery
camera
ch-ua
ch-ua-arch
ch-ua-bitness
ch-dpr
ch-ua-full-version-list
ch-ua-mobile
ch-ua-model
ch-ua-platform
ch-ua-platform-version

ch-viewport-width
ch-width
device-memory
display-capture
downlink
ect
fullscreen
geolocation
microphone
rtt

allow_list

String

The features you've set in permissions_policy_directive are enabled for domains you specify here. They'll remain disabled for all other domains. Separate multiple domains with a single space. To block the specified directives from all domains, set this to none. This generates an empty value in the Permissions-Policy header.

Updated about 1 hour ago