Permissions-Policy: how to lock down browser features

Your site does not need camera, microphone, or geolocation, so neither should any iframe it embeds. Permissions-Policy is how you say that out loud to the browser.

What it is

Permissions-Policy (formerly Feature-Policy) is an HTTP response header that controls which browser features and APIs (camera, microphone, geolocation, etc.) can be used by your page and embedded frames.

Why it matters

Restricting unnecessary features reduces attack surface and prevents embedded content from using sensitive APIs. Monitoring ensures the header is present and correctly scoped so you don't accidentally allow features you don't need.

How Barrion checks it

Barrion inspects the Permissions-Policy (and legacy Feature-Policy) response header. We report when it is missing or when high-risk features are allowed broadly. Passive header check only.
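To make the check concrete, here is an added example (not Barrion's own checker) of a passive header audit: it parses the Permissions-Policy value into per-feature allowlists and reports when the header is missing or when one of the three features named on this page (camera, microphone, geolocation) is allowed broadly with `*`. The function names `parse_permissions_policy` and `audit`, and the sample header values, are assumptions constructed for illustration.

```python
"""Passive audit of a Permissions-Policy response header.

Added example for illustration; this is not Barrion's checker. The feature
set and the 'allowed broadly' rule are assumptions made for this example.
"""

# Features this page recommends denying; treated as high-risk here.
HIGH_RISK = ("camera", "microphone", "geolocation")


def parse_permissions_policy(value):
    """Parse 'feature=(allowlist), feature=*' into {feature: [tokens]}.

    An empty token list means the feature is denied for every origin.
    Tokens are 'self', '*', or an origin with its surrounding quotes removed.
    Directives are split on ',' which is safe because origins contain no commas.
    """
    policy = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed directive: {part!r}")
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        raw = raw.strip()
        if raw.startswith("(") and raw.endswith(")"):
            tokens = raw[1:-1].split()       # e.g. (self "https://a.example")
        else:
            tokens = [raw]                   # bare '*' or 'self'
        policy[name] = [t.strip('"') for t in tokens]
    return policy


def audit(headers):
    """Return a list of findings for a dict of response headers.

    Header names are compared case-insensitively. A missing header is reported
    even when only the legacy Feature-Policy header is present.
    """
    findings = []
    value = None
    legacy_present = False
    for name, val in headers.items():
        lname = name.lower()
        if lname == "permissions-policy":
            value = val
        elif lname == "feature-policy":
            legacy_present = True

    if value is None:
        msg = "Permissions-Policy header missing"
        if legacy_present:
            msg += " (legacy Feature-Policy present only)"
        findings.append(msg)
        return findings

    policy = parse_permissions_policy(value)
    for feature in HIGH_RISK:
        if feature not in policy:
            # Not mentioned: the browser default applies ('self' for these three).
            findings.append(f"{feature}: not restricted (browser default applies)")
        elif "*" in policy[feature]:
            findings.append(f"{feature}: allowed broadly ('*')")
    return findings


if __name__ == "__main__":
    # Constructed sample: the Nginx value from this page, which should be clean.
    print(audit({"Permissions-Policy": "camera=(), microphone=(), geolocation=()"}))
    # Constructed sample: geolocation left wide open.
    print(audit({"Permissions-Policy": "camera=(), microphone=(self), geolocation=*"}))
```

The audit deliberately treats `*` anywhere in an allowlist as broad, including inside a parenthesised list such as `camera=(self *)`, because that form also lets any cross-origin frame request the feature.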

Configuration examples

Nginx: block sensitive browser APIs
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

Verify it

curl -sI https://example.com | grep -i permissions-policy