Permissions Policy
Permissions Policy Overview
Generate browser feature headers
The Permissions Policy Generator builds the `Permissions-Policy` HTTP header (formerly known as Feature-Policy), a powerful security control that allows site owners to selectively enable, disable, and modify the behavior of browser features and APIs across their website. In an era of increasing hardware access (camera, microphone, geolocation), maintaining strict control over which origins can access these features is vital for user privacy and security. Our generator simplifies the creation of the header, which provides a structured way to declare exactly which features are allowed in the top-level document and in any embedded iframes. You can set permissions to 'self' (only your domain), '*' (all domains), or 'none' (completely disabled). This is an essential defense-in-depth strategy: by disabling unused features like 'usb' or 'payment', you ensure that even if a third-party script is compromised, it cannot silently access sensitive user hardware. The tool provides a clean, tactical interface to toggle these features and generates a ready-to-use header string that adheres to the latest W3C specifications.
How to Use Permissions Policy
- Review the list of browser features like Camera, Microphone, and Geolocation
- Select the desired permission level for each feature (Self, All, or None)
- Use 'Custom' to specify exact origin URLs for specific feature access
- Watch the 'Header Intel' terminal generate the policy string in real-time
- Copy the resulting 'Permissions-Policy' header
- Add it to your server's response headers (via .htaccess, Nginx config, or app middleware)
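The steps above, as an added example that is not the generator's own code: a JavaScript function that turns per-feature choices into the header value, writing 'none' as an empty allowlist and quoting custom origins. The function names, the level strings ("self", "all", "none") and the pay.example origin are assumptions made for illustration.

```javascript
// Added example: build a Permissions-Policy value from per-feature choices.
// Levels mirror the generator's options: "self", "all", "none", or an array
// of custom origins (the array may also contain "self").
function normalizeOrigin(value) {
  const origin = new URL(value).origin; // throws on unparsable input; drops any path
  // Only plain http(s) origins are accepted, so quotes, commas or line breaks
  // can never reach the header value.
  if (!/^https?:\/\/[a-z0-9.-]+(:\d+)?$/.test(origin)) {
    throw new Error(`unsupported origin: ${value}`);
  }
  return origin;
}

function allowlist(choice) {
  if (choice === "none") return "()";     // empty allowlist: feature disabled
  if (choice === "self") return "(self)"; // this origin only
  if (choice === "all") return "*";       // every origin
  if (Array.isArray(choice)) {
    const items = choice.map((o) => (o === "self" ? "self" : `"${normalizeOrigin(o)}"`));
    return `(${items.join(" ")})`;
  }
  throw new Error(`unknown permission level: ${choice}`);
}

function buildPermissionsPolicy(choices) {
  const directives = Object.entries(choices).map(([feature, choice]) => {
    // Feature names are lowercase tokens such as "camera" or "picture-in-picture".
    if (!/^[a-z][a-z0-9-]*$/.test(feature)) {
      throw new Error(`invalid feature name: ${JSON.stringify(feature)}`);
    }
    return `${feature}=${allowlist(choice)}`;
  });
  return directives.join(", ");
}

// Constructed sample input; pay.example is a placeholder origin.
const sampleChoices = {
  camera: "none",
  microphone: "none",
  geolocation: "self",
  usb: "none",
  payment: ["self", "https://pay.example/checkout"],
};
console.log("Permissions-Policy: " + buildPermissionsPolicy(sampleChoices));
```

Rejecting malformed feature names and origins before they are concatenated keeps attacker-influenced configuration from injecting extra directives or header lines.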
Frequently Asked Questions
- What is the difference between Feature-Policy and Permissions-Policy?
- Permissions-Policy is the newer version of the spec. It uses a different syntax (structured headers) and is more versatile. Feature-Policy is now considered legacy.
- Will this tool affect my site's SEO?
- Indirectly, yes. Faster, more secure sites with better privacy controls are prioritized by modern search engines and improve user trust.
- Do I need to include all features in the policy?
- No. You only need to define features where you want to deviate from the browser's default behavior (which is usually 'self' for most sensitive APIs).
- Can I use this in a meta tag?
- No. Unlike CSP, Permissions-Policy can only be set via an HTTP Response Header. It will not function if placed in an HTML meta tag.
- What does setting a feature to 'none' really do?
- It completely disables the feature for the entire page and all its subresources/iframes, regardless of any other settings or user prompts.
- Does this work in all browsers?
- Modern versions of Chrome, Edge, and Safari support Permissions-Policy. Older browsers will simply ignore the header without any negative side effects.