Permissions-Policy: document-domain
{{HTTPSidebar}} {{SeeCompatTable}}
The HTTP {{HTTPHeader("Permissions-Policy")}} header
document-domain directive controls whether the current document is
allowed to set {{domxref("document.domain")}} .
Specifically, where a defined policy blocks use of this feature, attempting
to set {{domxref("document.domain")}} will fail and cause a SecurityError
{{domxref("DOMException")}} to be thrown.
Syntax
Permissions-Policy: document-domain=<allowlist>;
<allowlist>- : A list of origins for which permission is granted to use the feature. See
Permissions-Policy> Syntax for more details.
- : A list of origins for which permission is granted to use the feature. See
Default policy
The default allowlist for document-domain is *.
Specifications
{{Specifications}}
Browser compatibility
{{Compat}}
See also
{{HTTPHeader("Permissions-Policy")}}header- Permissions Policy