Permission Policy Builder

Generate a Permissions-Policy HTTP header to control which browser features your site can access, with threat visualization and multi-platform deployment snippets.

Browser-BasedResponsive UIPrivacy-First
Privacy: Header generation runs locally. Start restrictive, then allow only features your app actually uses.
Quick Presets

Feature Directives

14 features
0Blocked
0Self Only
0All Origins

Generated Header

How it works

How the Permission Policy Builder Works

Generate a Permissions-Policy HTTP header to control which browser features your website can access, including camera, microphone, geolocation, payment, and more.

Choose from strict, moderate, or permissive presets, then fine-tune each directive individually. The tool generates ready-to-use snippets for Nginx, Apache, Express, Next.js, Cloudflare Workers, and raw HTTP headers.

A risk audit highlights dangerous configurations — like allowing all origins for sensitive features — so you can lock down your policy before deploying.