private/permissions/host_permissions.html

Specifies a <em>host permission</em>. Required if the extension or app wants to interact with the code running on pages. Many capabilities, such as <a href="xhr">cross-origin XMLHttpRequests</a>, <a href="content_scripts#pi">programmatically injected content scripts</a>, and <a href="cookies">the extension's cookies API</a> require host permissions. For details on the syntax, see <a href="match_patterns">Match Patterns</a>. A path is allowed but treated as <code>/*</code>.