The Permissions API is a web standard that allows developers to query the status of browser permissions programmatically via navigator.permissions.query(). It returns whether a permission is granted, denied, or prompt (meaning the user hasn't decided yet). This enables websites to adapt their UI based on permission states without triggering intrusive permission popups.

The Permissions API is supported in Chrome 43+, Edge 79+, Firefox 46+, Safari 16+, and Opera 30+. However, individual permission descriptors vary — for example, clipboard-read is supported in Chrome and Safari but not Firefox, while camera and microphone are widely supported across all modern browsers.

You can query a wide range of permissions including: geolocation, notifications, camera, microphone, clipboard-read, clipboard-write, push, midi, accelerometer, gyroscope, magnetometer, ambient-light-sensor, background-sync, persistent-storage, display-capture, screen-wake-lock, bluetooth, local-fonts, storage-access, and payment-handler. Support varies by browser — use this tool to see which ones work in your current browser.

A prompt status means the user has neither granted nor denied the permission yet — the browser will show a permission dialog when the website actually requests that API. This is the default state for most permissions on first visit. For sensitive APIs like clipboard-read, the browser may require a user gesture (click or keypress) before even returning a meaningful status.

Yes, for most permissions, the page must be served over HTTPS (a secure context). The navigator.permissions object itself is only available in secure contexts. On localhost, browsers treat the connection as secure for development purposes. If you're on HTTP, many permissions will be unavailable or throw errors.

The Permissions API only queries status — it does not request permissions. To request, you must call the actual API: e.g., navigator.geolocation.getCurrentPosition() for location, Notification.requestPermission() for notifications, or navigator.mediaDevices.getUserMedia() for camera/microphone. After the user responds, the permission state updates accordingly.

Unsupported indicates that your current browser does not recognize that permission descriptor. This could be because: the browser hasn't implemented that specific permission query yet (e.g., local-fonts is only in Chrome 103+), the permission name differs across browsers, or the browser throws a TypeError when attempting to query it. It does not mean the underlying API is unavailable — just that you can't query its permission state through this API.

Yes! The Permissions API provides an onchange event listener on the permission status object. You can use status.addEventListener('change', callback) to detect when a user grants or revokes a permission, allowing your app to react dynamically without polling. This is especially useful for features like live camera/mic indicators.

The clipboard-read permission is considered powerful because it could expose sensitive data from the user's clipboard. To protect privacy, browsers like Chrome require a transient user activation (a recent click, tap, or keypress) before the permission query returns a meaningful result. Without it, the query may reject or return prompt. Clicking the "Check All" button in this tool provides that activation.

The Permissions API queries the user's permission decisions (granted/denied/prompt), while Permissions Policy (formerly Feature Policy) is an HTTP header or <iframe> attribute that controls whether a feature is allowed to be used at all in a given context. For example, a site owner can use Permissions-Policy: camera=() to completely disable camera access for all embedded content, regardless of user permissions. They work at different layers but complement each other for comprehensive permission management.