permissions

Property Manager name: Permissions-Policy
Behavior version: The v2025-01-13 rule format supports the permissions_policy behavior v1.0.
Rule format status: GA, stable
Access: Read/Write
Allowed in includes: Yes

Manages whether your page and its embedded iframes can access various browser features that affect end-user privacy, security, and performance.

Use this together with request_client_hints.

Option Type Description Requires

Option	Type	Description	Requires
`permissionsPolicyDirective`	string array	Each directive represents a browser feature. Specify the ones you want enabled in a client browser that accesses your content. You can add custom entries or provide pre-set values from the list. For more details on each value, see the guide section for this behavior. battery camera ch-ua ch-ua-arch ch-ua-bitness ch-dpr ch-ua-full-version-list ch-ua-mobile ch-ua-model ch-ua-platform ch-ua-platform-version ch-viewport-width ch-width device-memory display-capture downlink ect fullscreen geolocation microphone rtt		{"displayType":"string array","tag":"input","todo":true}
`allow_list`	string	The features you've set in `permissionsPolicyDirective` are enabled for domains you specify here. They'll remain disabled for all other domains. Separate multiple domains with a single space. To block the specified directives from all domains, set this to `none`. This generates an empty value in the `Permissions-Policy` header.		{"displayType":"string","tag":"input","type":"text"}

permissionsPolicyDirective

string array

Each directive represents a browser feature. Specify the ones you want enabled in a client browser that accesses your content. You can add custom entries or provide pre-set values from the list. For more details on each value, see the guide section for this behavior.

battery
camera
ch-ua
ch-ua-arch
ch-ua-bitness
ch-dpr
ch-ua-full-version-list
ch-ua-mobile
ch-ua-model
ch-ua-platform
ch-ua-platform-version
ch-viewport-width
ch-width 
device-memory 
display-capture
downlink
ect
fullscreen
geolocation
microphone
rtt

{"displayType":"string array","tag":"input","todo":true}

allow_list

string

The features you've set in permissionsPolicyDirective are enabled for domains you specify here. They'll remain disabled for all other domains. Separate multiple domains with a single space. To block the specified directives from all domains, set this to none. This generates an empty value in the Permissions-Policy header.

{"displayType":"string","tag":"input","type":"text"}