Low Risk
Wiki Entry

Missing Permissions-Policy Header

Your site doesn't have a Permissions-Policy header (formerly Feature-Policy). This header controls which browser features and APIs can be used on your site.

Why This Matters

Without a permissions policy, malicious third-party scripts or iframes could access powerful browser features like camera, microphone, geolocation, or payment APIs without your knowledge.

How to Fix
Framework-specific solutions and general best practices

Add a Permissions-Policy header to restrict features you don't need: 'Permissions-Policy: camera=(), microphone=(), geolocation=()'. Only allow features your site actually uses.
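To verify the fix, the following added example (not SecureNow's code) parses a response's Permissions-Policy value and reports, for the features named in this entry, whether each one is blocked, restricted, wildcarded, or left undeclared. The status names, the `legacy_feature_policy_only` id, and the sample headers are assumptions made for illustration.

```python
import re

# Features this page names as sensitive; "payment" is the policy token for payment APIs.
SENSITIVE = ("camera", "microphone", "geolocation", "payment")
# One directive: feature=(allowlist), feature=* or feature=self
DIRECTIVE = re.compile(r'([A-Za-z0-9-]+)\s*=\s*(\([^)]*\)|\*|self)')

def parse_policy(value):
    """Turn 'camera=(), geolocation=(self "https://a.example")' into {feature: [entries]}."""
    policy = {}
    for feature, allow in DIRECTIVE.findall(value):
        policy[feature.lower()] = [e.strip('"') for e in allow.strip("()").split()]
    return policy

def classify(allowlist):
    """Status of one feature given its parsed allowlist (None = not in the header)."""
    if allowlist is None:
        return "undeclared"   # browser default for the feature applies
    if not allowlist:
        return "blocked"      # feature=() disables it for every origin
    return "wildcard" if "*" in allowlist else "restricted"

def audit(headers):
    """Return (finding_id_or_None, {feature: status}) for a dict of response headers."""
    h = {name.lower(): value for name, value in headers.items()}
    if "permissions-policy" not in h:
        # Only the old header name present is reported separately (hypothetical id).
        finding = ("legacy_feature_policy_only" if "feature-policy" in h
                   else "missing_permissions_policy")
        return finding, {f: "undeclared" for f in SENSITIVE}
    policy = parse_policy(h["permissions-policy"])
    return None, {f: classify(policy.get(f)) for f in SENSITIVE}

if __name__ == "__main__":
    # Constructed sample responses, not scanner output.
    samples = [
        {},
        {"Permissions-Policy": "camera=(), microphone=(), geolocation=()"},
        {"permissions-policy": 'camera=*, geolocation=(self "https://maps.example")'},
    ]
    for headers in samples:
        print(audit(headers))
```

A feature reported as "undeclared" or "wildcard" is one to review against what the site actually uses.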

Quick Reference
Severity: Low Risk
ID: missing_permissions_policy
AI Assistant Prompt

Copy this prompt to ask an AI for help fixing this vulnerability:

Please fix the "Missing Permissions-Policy Header" security vulnerability in this web application.

The issue is: Your site doesn't have a Permissions-Policy header (formerly Feature-Policy). This header controls which browser features and APIs can be used on your site.

Make a plan and implement based on my project.