Permissions-Policy: document-domain

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header document-domain directive controls whether the current document is allowed to set document.domain.

Specifically, where a defined policy blocks use of this feature, attempting to set document.domain will fail and cause a SecurityError DOMException to be thrown.

Syntax

http
Permissions-Policy: document-domain=<allowlist>;
<allowlist>

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for document-domain is *.

Specifications

Specification
HTML
# policy-controlled-features

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
document-domain
Experimental

Legend

Tip: you can click/tap on a cell for more information.

No support
No support
Experimental. Expect behavior to change in the future.
User must explicitly enable this feature.

See also