diff --git a/extensions/amp-consent/0.1/consent-ui.js b/extensions/amp-consent/0.1/consent-ui.js
index 933d39ac3609..c8bbe2446542 100644
--- a/extensions/amp-consent/0.1/consent-ui.js
+++ b/extensions/amp-consent/0.1/consent-ui.js
@@ -42,6 +42,8 @@ const ALLOWED_SANDBOX_ATTRIBUTES = [
 const IFRAME_RUNNING_TIMEOUT = 1000;
+const IFRAME_ALLOWED_PERMISSIONS = ['geolocation', 'payment'];
+
 export const actionState = {
 error: 'error',
 success: 'success',
@@ -471,6 +473,7 @@ export class ConsentUI {
 const iframe = this.parent_.ownerDocument.createElement('iframe');
 const sandbox = this.getSandboxAttribute_(promptUISrc);
 iframe.setAttribute('sandbox', sandbox);
+ iframe.setAttribute('allow', IFRAME_ALLOWED_PERMISSIONS.join('; '));
 const {classList} = iframe;
 classList.add(consentUiClasses.fill);
 // Append iframe lazily to save resources.
diff --git a/extensions/amp-consent/0.1/test/test-consent-ui.js b/extensions/amp-consent/0.1/test/test-consent-ui.js
index b6cd9a258445..49fefd376081 100644
--- a/extensions/amp-consent/0.1/test/test-consent-ui.js
+++ b/extensions/amp-consent/0.1/test/test-consent-ui.js
@@ -148,6 +148,9 @@ describes.realWin(
 expect(consentUI.ui_.getAttribute('sandbox')).to.equal(
 'allow-scripts allow-popups allow-same-origin'
 );
+ expect(consentUI.ui_.getAttribute('allow')).to.equal(
+ 'geolocation; payment'
+ );
 });
 it('should allow additional sandbox restriction to be removed from iframe', function* () {
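Review bot: `IFRAME_ALLOWED_PERMISSIONS` is added without a comment, although it is a delegation allowlist and not an ordinary setting. Every name in it is handed to the consent prompt iframe as a Permissions Policy feature through the `allow` attribute set in the `ConsentUI` hunk. I would put a comment above it such as `// Permissions Policy features delegated to the consent prompt iframe; add entries only with a security review.` The comment should also say why a consent prompt needs `geolocation` and `payment`, because nothing visible in this diff shows the use case.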
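Review bot: The new `iframe.setAttribute('allow', ...)` line delegates the whole list to every consent iframe, whatever `promptUISrc` points at, so a third-party prompt origin receives `geolocation` and `payment` even when the publisher's consent flow uses neither. With bare feature names the delegation goes to the origin of the iframe's `src`. The sandbox value asserted in the test hunk includes `allow-scripts allow-same-origin`, so the framed page can call those APIs as its own origin. A least-privilege form would delegate only what the publisher's config requests, filtered by the constant, e.g. `iframe.setAttribute('allow', requested.filter((p) => IFRAME_ALLOWED_PERMISSIONS.includes(p)).join('; '));`, where `requested` is a placeholder for a config field this diff does not show. The enclosing method starts and ends outside the hunk.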