Yoryantra
← Back to Tools

Permissions Policy Header Generator

Generate Permissions-Policy headers for browser features like camera, microphone, geolocation, fullscreen, payment, USB, clipboard, autoplay, and more directly in your browser.

Header Settings

Permissions-Policy controls which browser features are allowed on your page and in embedded frames. Browser support can vary, so test the final header on the pages that use these APIs.

Browser Features

Choose which features to include and how each feature should be allowed. Use custom origins only when a trusted third-party origin needs access.

Camera

camera

Controls access to camera devices.

Microphone

microphone

Controls access to microphone devices.

Geolocation

geolocation

Controls browser location access.

Fullscreen

fullscreen

Controls fullscreen API access.

Payment

payment

Controls Payment Request API access.

USB

usb

Controls WebUSB access.

Serial

serial

Controls Web Serial API access.

Bluetooth

bluetooth

Controls Web Bluetooth access where supported.

Clipboard Read

clipboard-read

Controls reading from the clipboard.

Clipboard Write

clipboard-write

Controls writing to the clipboard.

Display Capture

display-capture

Controls screen sharing / display capture.

Web Share

web-share

Controls Web Share API access.

Accelerometer

accelerometer

Controls accelerometer sensor access.

Gyroscope

gyroscope

Controls gyroscope sensor access.

Magnetometer

magnetometer

Controls magnetometer sensor access.

Autoplay

autoplay

Controls autoplay for audio and video media.

Encrypted Media

encrypted-media

Controls Encrypted Media Extensions for protected media.

Picture in Picture

picture-in-picture

Controls picture-in-picture video behavior.

Passkey / WebAuthn Get

publickey-credentials-get

Controls reading public-key credentials with WebAuthn.

Screen Wake Lock

screen-wake-lock

Controls whether the page can keep the screen awake.

XR Spatial Tracking

xr-spatial-tracking

Controls spatial tracking for WebXR experiences.

Output

Generated Permissions-Policy output will appear here.
Permissions-Policy generation happens directly in your browser. Your settings are not uploaded to a server.

Generating Permissions-Policy Headers

Permissions-Policy is a browser security header that controls access to powerful browser features. It can block or limit APIs such as camera, microphone, geolocation, payment, USB, clipboard, fullscreen, display capture, and sensors.

This Permissions Policy Header Generator helps you build a clear header without writing every directive by hand. You can start with a strict, balanced, or media-friendly preset, then adjust each feature based on what your site actually needs.

Creating a Browser Feature Policy Header

  1. Choose a preset or start editing features manually.
  2. Set each feature to none, self, all, or custom origins.
  3. Generate the Permissions-Policy header.
  4. Review warnings for broad or custom access.
  5. Copy the header for your server, CDN, or hosting provider.

Common Permissions Policy Use Cases

  • Blocking camera and microphone on pages that do not need them.
  • Disabling geolocation for privacy-sensitive pages.
  • Allowing fullscreen, picture-in-picture, or WebAuthn only for the same origin.
  • Limiting payment, USB, serial, and Bluetooth APIs.
  • Creating safer defaults for embedded frames.
  • Preparing a modern browser security header for a website.
  • Testing a policy before adding it to a CDN or hosting provider.

Example Permissions-Policy Header

Permissions-Policy: camera=(), microphone=(), geolocation=(), fullscreen=(self)

Only Allow Features You Really Need

A good Permissions-Policy header is usually restrictive. If your page does not use camera, microphone, USB, payment, or geolocation, it is safer to block those features instead of leaving access open.

Some directives may behave differently across browsers because Permissions-Policy support is still not equal everywhere. Test the final header on the pages that use browser APIs, especially if your site embeds third-party frames, payments, sign-in flows, or media tools.

Frequently Asked Questions

What is a Permissions-Policy header?

It is a browser response header that controls which browser features a page or embedded frame is allowed to use. The header can contain one directive or many comma-separated directives.

Is Permissions-Policy the same as Feature-Policy?

Permissions-Policy is the newer name and format. Feature-Policy was the older version used by some browsers in the past.

What does camera=() mean?

It means camera access is disabled for the page and its allowed contexts.

What does fullscreen=(self) mean?

It allows fullscreen only for the same origin.

Does every browser support every directive?

No. Support can vary by directive and browser version. Use the generated header as a starting point, then test the pages that actually use those browser APIs.

Is anything uploaded when I generate the header?

No. The header is generated directly in your browser.