Security Server response header - Permissions-Policy

What is the Permissions-Policy header?

The HTTP Permissions-Policy security header specifies which browser features can and cannot be used. This can help improve the privacy and security of the website, for example by turning off the camera and microphone. It can also be used to enforce guidelines (such as blocking buttons or large images).

Basic directives

autoplay - determines whether automatic playback of video and audio is allowed on the page;
camera - controls access to the device's camera;
accelerometer - controls access to the device's accelerometer, whose data can be used to determine the time and location;
fullscreen - determines whether the web page is allowed to switch to full-screen display mode;
geolocation - controls access to the device's location using GPS or other location methods;
gyroscope - controls access to the device's gyroscope;
magnetometer - controls access to the device's compass (magnetometer), which can be used for positioning;
microphone - controls access to the device's microphone;
payment - controls access to payment requests, which store information about the owner of the credit card, purchase history, etc.

Using Permissions-Policy in nginx.conf (NGINX):
add_header Permissions-Policy "microphone=(),camera=(),geolocation=()";
In this example, we turn off the microphone, camera, and geolocation.

Using Permissions-Policy in httpd.conf (Apache):
Header set Permissions-Policy "microphone=(),camera=(),geolocation=()"

Using Permissions-Policy in .htaccess:
<IfModule mod_headers.c>
   Header always set Permissions-Policy "microphone=(),camera=(),geolocation=()"
</IfModule>
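
A check for the served header, as an added example that is not part of the original page: it parses a Permissions-Policy value and reports any of the three features from the configurations above that are not disabled with an empty allowlist (). The function names and the sample header values are assumptions constructed for illustration.

```python
import re

# Features the configurations above disable.
REQUIRED_DISABLED = ("microphone", "camera", "geolocation")

# One member: feature=(items) or feature=token (* or self); ;parameters are skipped.
_MEMBER = re.compile(
    r'\s*([a-z][a-z0-9-]*)\s*=\s*(\(([^)]*)\)|[^,;\s]+)\s*(?:;[^,]*)?(?:,|$)'
)


def parse_permissions_policy(value):
    """Return {feature: [allowlist items]}; an empty list means disabled."""
    value, policy, pos = value.strip(), {}, 0
    while pos < len(value):
        m = _MEMBER.match(value, pos)
        if m is None:
            raise ValueError(f"malformed Permissions-Policy near offset {pos}")
        feature, raw, inner = m.groups()
        # inner is None for the bare-token form, e.g. fullscreen=*
        policy[feature] = inner.split() if inner is not None else [raw]
        pos = m.end()
    return policy


def audit(header_value, required=REQUIRED_DISABLED):
    """Return findings for required features not explicitly disabled with ()."""
    if header_value is None:
        return ["Permissions-Policy header is missing"]
    policy = parse_permissions_policy(header_value)
    findings = []
    for feature in required:
        if feature not in policy:
            # An unlisted feature keeps the browser's default allowlist.
            findings.append(f"{feature}: not listed, browser default applies")
        elif policy[feature]:
            findings.append(f"{feature}: allowed for {' '.join(policy[feature])}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not captured from a real site.
    samples = [
        "microphone=(),camera=(),geolocation=()",
        'microphone=(), camera=(self "https://meet.example"), fullscreen=*',
        None,
    ]
    for sample in samples:
        print(repr(sample), "->", audit(sample) or "OK")
```

Pass audit() the header value taken from a response of the configured server; an empty result means all three features are disabled.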