I talked about Feature Policy almost 2 years ago and it has seen great adoption since then. As things have progressed  a name change has been proposed and accepted so that the name better describes what it does. Welcome to Permissions Policy!

Feature Policy

You should read my article on Feature Policy if you'd like to know more about what Permissions Policy does as this is just a name as I said so no changes in functionality. That will require us to change the name of our HTTP response header though and I'm going to start flagging this on Security Headers.

Security Headers

As it stands right now, Feature Policy is a required header on Security Headers.

I'm going to be updating Security Headers any minute now so that Permissions Policy is a required header instead and that means sites with a Feature Policy header declared will need to make a small change to update it.

We will also start providing information if Feature Policy is present that it needs to be renamed and I will link to this blog post.

Permissions Policy

The format of the Permissions Policy header is slightly different so it's not a case of a simple rename, there are some formatting changes too. Let's say you had an existing Feature Policy that looked like this:

Feature-Policy: geolocation 'self' https://example.com; microphone 'none'

You would need to change that to the new format of the Permissions Policy header which looks like this:

Permissions-Policy: geolocation=(self "https://example.com"), microphone=()


Like all good Security Headers, Permissions Policy will have a reporting mechanism. We already have support on Report URI for Feature Policy reporting and had many users take part in a successful beta but we saw the name change announced just before we launched support and decided to hold off.

Once the change has landed in Security Headers and we see users starting to switch we will make the minor tweaks needed to Feature Policy reporting, rename it to Permissions Policy reporting and then launch it on Report URI. If you're interested in beta testing Permissions Policy reporting with us then drop a comment below or drop me an email!