You can use this tool to generate a valid Permissions Policy HTTP Header, which can be provided by your web server / web application in order to improve the security of your visitors and the data they may be accessing on your site.

Permissions Policy was previously known as 'Feature Policy', however it wasn't just renamed, the specification was also updated.

The permissions policy is implemented in 2 ways, being a HTTP Header and via attributes on embedded iframe's.

  1. HTTP Header - allow or block the use of browser features in its own frame or in iframes that it embeds.

  2. Embedded iframe's - provides delegated access to browser features from your site to an iframe. This cannot allow features which the parent page is blocked from by the HTTP Header (if set), these attributes can provide delegated access, or block access to features from the iframe.

    Note, the iframe structure is not supported by this tool.


Permissions Policy HTTP Header Generator