How it works
How the Permission Policy Builder Works
Generate a Permissions-Policy HTTP header to control which browser features your website can access, including camera, microphone, geolocation, payment, and more.
Choose from strict, moderate, or permissive presets, then fine-tune each directive individually. The tool generates ready-to-use snippets for Nginx, Apache, Express, Next.js, Cloudflare Workers, and raw HTTP headers.
A risk audit highlights dangerous configurations — like allowing all origins for sensitive features — so you can lock down your policy before deploying.