gyroscope
Permissions-Policy Sensors

Overview

The gyroscope directive controls whether the Generic Sensor API's Gyroscope interface may read angular velocity (rotation rate). Its default allowlist is self, and it powers device orientation and motion sensing, 3D, and VR interactions.

Details

`gyroscope=(self)` limits it to the document's own origin, `gyroscope=()` blocks it entirely, and `gyroscope=(self "https://xr.example.com")` delegates to a named origin. An iframe needs `allow="gyroscope"`, and when embedding a 3D or panorama viewer it is often delegated together with accelerometer and magnetometer (`allow="accelerometer; gyroscope; magnetometer"`).

When the policy denies it, a sensor created with new Gyroscope() emits an error event on activation and provides no readings. Legacy events like DeviceOrientationEvent can also be affected by the related policy. Gyroscope data is a precise motion signal with fingerprinting and side-channel concerns, so it works only in a secure context and the browser may require additional permission. It replaces the gyroscope feature of the legacy Feature-Policy header.

Syntax

Permissions-Policy: gyroscope=(self)

Notes

Related directives