The Permissions Policy (formerly called Feature-Policy) is a security header that allows website administrators to manage which browser functions the site should be able to utilize. It is an extra security measure to prevent malicious use of these browser functions. The header restricts how browser functions can be used for your own content, and can also prevent iframes that your site embeds from using them.
Why should a website set the Permissions Policy header?
Just like all other security headers, the Permissions Policy provides instructions for browsers that should be set on the website. The Permissions Policy specifically instructs the browser which browser functions should be available. For example, if the site (intentionally or through malicious code) attempts to use the camera, the browser will not allow this if the Permissions Policy disabled the Camera function.
For more in-depth information and instructions regarding usage of the Permissions Policy header, please read our dedicated article.
