Permissions-Policy: payment

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header field's payment directive controls whether the current document is allowed to use the Payment Request API.

Specifically, where a defined policy blocks use of this feature, PaymentRequest() constructor calls will throw a DOMException of type SecurityError.


Permissions-Policy: payment=<allowlist>;

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for payment is self.


Payment Request API 1.1
# permissions-policy

Browser compatibility

BCD tables only load in the browser

See also