Permissions-Policy header present
A Permissions-Policy header explicitly disables powerful browser features (camera, microphone, geolocation, etc.) the site does not use, shrinking the attack surface available to any injected content.
Security
Mozilla Web Security: Permissions-Policy
Advanced Security Audit
In short
No Permissions-Policy header — powerful browser features are not explicitly restricted. This check is fully automated — the scanner returns a definitive pass or fail.
How to fix it
Add a Permissions-Policy response header disabling unused features, e.g. "geolocation=(), camera=(), microphone=()".
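An added example, not part of the scanner or the original page: a Node.js check that mirrors the pass/fail rule above and goes one step further by listing the features whose allowlist is not empty. The function names, the REQUIRED_OFF list and the sample responses are assumptions constructed for illustration.

```javascript
// Added example. REQUIRED_OFF is an assumption taken from the page's sample header value.
const REQUIRED_OFF = ["geolocation", "camera", "microphone"];

// Split the header on commas that sit outside (...) and "...".
function splitMembers(value) {
  const out = [];
  let cur = "", depth = 0, quoted = false;
  for (const ch of value) {
    if (ch === '"') quoted = !quoted;
    else if (!quoted && ch === "(") depth++;
    else if (!quoted && ch === ")") depth--;
    if (ch === "," && depth === 0 && !quoted) { out.push(cur); cur = ""; }
    else cur += ch;
  }
  out.push(cur);
  return out.map((m) => m.trim()).filter(Boolean);
}

// Map feature -> allowlist tokens: "()" -> [], "*" -> ["*"], "(self)" -> ["self"].
function parsePermissionsPolicy(value) {
  const policy = new Map();
  for (const member of splitMembers(value)) {
    const eq = member.indexOf("=");
    if (eq < 1) continue; // no "feature=allowlist" shape, ignore
    const feature = member.slice(0, eq).trim().toLowerCase();
    const inner = member.slice(eq + 1).trim().replace(/^\(|\)$/g, "");
    policy.set(feature, inner.split(/\s+/).filter(Boolean)); // last duplicate wins
  }
  return policy;
}

// pass mirrors the page's rule (header present); notDisabled is the extra detail.
function auditHeaders(headers, requiredOff = REQUIRED_OFF) {
  const entry = Object.entries(headers).find(([n]) => n.toLowerCase() === "permissions-policy");
  if (!entry) return { pass: false, notDisabled: [...requiredOff] };
  const policy = parsePermissionsPolicy(String(entry[1]));
  const isOff = (f) => policy.has(f) && policy.get(f).length === 0;
  return { pass: true, notDisabled: requiredOff.filter((f) => !isOff(f)) };
}

// Constructed sample responses (header maps), not captured from a real site.
const SAMPLES = {
  missing: { "content-type": "text/html" },
  strict: { "Permissions-Policy": "geolocation=(), camera=(), microphone=()" },
  loose: { "permissions-policy": 'geolocation=(self "https://maps.example"), camera=*, microphone=()' },
};
for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditHeaders(headers)));
}
```

A header that is present but leaves a feature open, as in the `loose` sample, still passes the presence check, so the `notDisabled` list is the part worth reviewing by hand.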
Standards this maps to
- Mozilla Web Security: Permissions-Policy
- OWASP ASVS V14.4 (security headers)
Frameworks that require this
Advanced Security Audit
Severity
info — an advisory improvement.