Permissions-Policy

Permissions-Policy (formerly Feature-Policy) is an HTTP header that allows a site to control which browser features and APIs can be used, both by the page itself and by embedded iframes. It can disable access to the camera, microphone, geolocation, payment APIs, and more for third-party content. This reduces the attack surface if malicious ads or injected content try to access sensitive device capabilities. It replaces and extends the older Feature-Policy header.
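As an added example (not part of the original glossary entry), the following Python sketch audits a Permissions-Policy header value for the four capabilities named above. The function names and both sample headers are constructed for illustration; the value syntax (`feature=()`, `feature=*`, `feature=(self "origin")`) is the header's standard allowlist form.

```python
import re

# Features the glossary entry names as sensitive device capabilities.
SENSITIVE = ("camera", "microphone", "geolocation", "payment")

# One policy member: feature=*  |  feature=(items...)  |  feature=token
MEMBER = re.compile(r'\s*([a-z][a-z0-9-]*)\s*=\s*(\*|\(([^)]*)\)|[^,\s]+)\s*')


def parse_permissions_policy(value):
    """Return {feature: allowlist}; allowlist holds tokens such as 'self',
    '*', or an origin with its surrounding quotes removed."""
    policy = {}
    for part in value.split(","):
        m = MEMBER.fullmatch(part)
        if not m:
            continue  # this auditor simply skips members it cannot parse
        feature, raw, inner = m.group(1), m.group(2), m.group(3)
        items = inner.split() if inner is not None else [raw]
        policy[feature] = [i.strip('"') for i in items]
    return policy


def audit(value):
    """Classify each sensitive feature as 'disabled', 'restricted',
    'wildcard', or 'unset' (no directive, so the browser default applies)."""
    policy = parse_permissions_policy(value or "")
    report = {}
    for feature in SENSITIVE:
        allow = policy.get(feature)
        if allow is None:
            report[feature] = "unset"
        elif not allow:
            report[feature] = "disabled"      # empty allowlist: feature=()
        elif "*" in allow:
            report[feature] = "wildcard"      # any origin may use it
        else:
            report[feature] = "restricted"    # self and/or listed origins
    return report


# Constructed sample headers (not taken from any real site).
WEAK = 'geolocation=*, camera=(self "https://ads.example")'
STRICT = "camera=(), microphone=(), geolocation=(), payment=()"

if __name__ == "__main__":
    for name, header in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit(header))
```

A feature reported as `unset` or `wildcard` is the one to review first: only an empty allowlist, `feature=()`, turns the capability off for the page and every embedded frame.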

Why it matters for your website

  • Simple HTTP header with immediate security improvement at no performance cost
  • Checked by automated security scanners and compliance tools
  • Missing headers are flagged as medium-to-high severity findings
