Permissions-Policy: storage-access

Experimental:This is anexperimental technology
Check theBrowser compatibility tablecarefully before using this in production.

The HTTPPermissions-Policyheaderstorage-accessdirective controls whether a document loaded in a third-party context (i.e. embedded in an<iframe>) is allowed to use theStorage Access APIto request access to unpartitioned cookies.

This is relevant to user agents that by default block access to unpartitioned cookies by sites loaded in a third-party context to improve privacy (for example, to prevent tracking).

Specifically, where a defined policy blocks use of this feature,Document.requestStorageAccess()calls will return aPromisethat rejects with aDOMExceptionof typeNotAllowedError.

Syntax

http

Permissions-Policy:storage-access=<allowlist>;

<allowlist>: A list of origins for which permission is granted to use the feature. SeePermissions-Policy> Syntaxfor more details.

Default policy

The default allowlist forstorage-accessis*.

Specifications

Specification
The Storage Access API #permissions-policy-integration

Browser compatibility

BCD tables only load in the browser

Syntax

Default policy

Specifications

Browser compatibility

See also