Permissions-Policy: document-domain
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy header
document-domain directive controls whether the current document is
allowed to set document.domain.
Specifically, where a defined policy blocks use of this feature, attempting
to set document.domain will fail and cause a SecurityError
DOMException to be thrown.
Syntax
http
Permissions-Policy: document-domain=<allowlist>;
<allowlist>-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy> Syntax for more details.
Default policy
The default allowlist for document-domain is *.
Specifications
| Specification |
|---|
| HTML # policy-controlled-features |
Browser compatibility
| desktop | mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
document-domain | ||||||||||||