Permissions-Policy: publickey-credentials-get

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header publickey-credentials-get directive controls whether the current document is allowed to access the Web Authentication API to retrieve public-key credentials.

Specifically, where a defined policy blocks use of this feature, any attempt to query public key credentials, i.e. via navigator.credentials.get({publicKey: ..., ...})., will result in an error.


Permissions-Policy: publickey-credentials-get=<allowlist>;

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for publickey-credentials-get is self.


Web Authentication: An API for accessing Public Key Credentials - Level 3
# sctn-permissions-policy

Browser compatibility

BCD tables only load in the browser

See also