The permissions policy controls which browser features can be used on your website. This is true for both your own content, or embedded content. If you do not use certain browser features, it is strongly advised to fully disallow these features. NB. The Geolocation API can still be used in some instances whereby a map is embedded a geolocation is used to center the map for example. Please make sure you test your website afterwards.
Which option to choose?
For example; if you have a self-hosted video on your website and you want to use ‘autoplay’ as a function, you can do so by setting it to ‘self’, or ‘allow’. If you to make sure other people cannot use autoplay when using your video in an iFrame (e.g. autoplay costs a lot of bandwidth), you can choose ‘self’. If you are not using autoplay as a function it’s highly recommended to disable any feature that can be misused, even if you’re not using it yourself.
- ‘self’ – This will make browser features are only applicable to content which stems from its origin, in this case your website not embedded content for example.
- ‘allow’ – It speaks for itself, a browser feature can be used independent of origin.
- ‘disable’ – It can’t be used from your origin or on your website. This means your content cannot be embedded somewhere and misused with a browser feature.
