The payment policy controls whether the current document is allowed to use the PaymentRequest interface.

If disallowed in a document, then calls to the PaymentRequest constuctor MUST throw a SecurityError.

How to apply this policy

Send the following HTTP header to control the payment policy, and disallow it on all origins:

Feature-Policy: payment 'none'

Does it work?

Currently Firefox, and Chromium based browsers, such as Google Chrome, Samsung Internet, and Opera, are the only user-agents to support Feature Policy. The minimum version that correctly recognises the payment policy is:

Mozilla Firefox


Google Chrome


Microsoft Edge

Not supported

Apple Safari

Not supported