Permissions-Policy: document-domain

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header document-domain directive controls whether the current document is allowed to set document.domain.

Specifically, where a defined policy blocks use of this feature, attempting to set document.domain will fail and cause a SecurityError DOMException to be thrown.


Permissions-Policy: document-domain=<allowlist>;

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for document-domain is *.


HTML Standard
# policy-controlled-features

Browser compatibility

BCD tables only load in the browser

See also