1. Web
  2. HTTP
  3. Reference
  4. Headers
  5. Permissions-Policy
  6. fullscreen

Permissions-Policy: fullscreen directive

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header fullscreen directive controls whether the current document is allowed to use Element.requestFullscreen().

By default, top-level documents and their same-origin child frames can request and enter fullscreen mode. This directive allows or prevents cross-origin frames from using fullscreen mode. This includes same-origin frames.

Specifically, where a defined policy blocks use of this feature, requestFullscreen() calls will return a Promise that rejects with a TypeError.

Note: If both this directive (i.e., via the allow attribute) and the allowfullscreen attribute are present on an <iframe> element, this directive takes precedence.

Syntax

http
Permissions-Policy: fullscreen=<allowlist>;
<allowlist>

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for fullscreen is self.

Examples

>

General example

SecureCorp Inc. wants to disable the Fullscreen API within all browsing contexts except for its own origin and those whose origin is https://example.com. It can do so by delivering the following HTTP response header to define a Permissions Policy:

http
Permissions-Policy: fullscreen=(self "https://example.com")

With an <iframe> element

FastCorp Inc. wants to disable fullscreen for all cross-origin child frames, except for a specific <iframe>. It can do so by delivering the following HTTP response header to define a Permissions Policy:

http
Permissions-Policy: fullscreen=(self)

Then include an allow attribute on the <iframe> element:

html
<iframe src="https://other.com/videoplayer" allow="fullscreen"></iframe>

iframe attributes can selectively enable features in certain frames, and not in others, even if those frames contain documents from the same origin.

Specifications

Specification
Fullscreen API>
# permissions-policy-integration>

Browser compatibility

See also

Help improve MDN

Learn how to contribute

This page was last modified on by MDN contributors.

View this page on GitHubReport a problem with this content