usbThe usb directive controls whether the WebUSB API (navigator.usb) may communicate directly with USB devices. Its default allowlist is self, and it is a powerful low-level permission that reaches peripherals beyond standard drivers.
`usb=(self)` limits it to the document's own origin, `usb=()` blocks it entirely, and `usb=(self "https://device.example.com")` delegates to a named origin. An iframe needs `allow="usb"`. When the policy denies it, the Promise returned by navigator.usb.requestDevice() rejects with a NotAllowedError.
WebUSB requires a device-chooser prompt via navigator.usb.requestDevice(), and the browser blocks sensitive/protected device classes such as keyboards and mass storage. The policy allowance is only the front gate narrowing which origins may reach it. Because exposing it to arbitrary origins risks firmware tampering and more, it is supported mainly in Chromium-based browsers. It replaces the usb feature of the legacy Feature-Policy header.
Permissions-Policy: usb=(self)