Details | |
---|---|
Alert ID | 10063-1 |
Alert Type | Passive |
Status | beta |
Risk | Low |
CWE | 693 |
WASC | 15 |
Technologies Targeted | All |
Tags | CWE-693 OWASP_2017_A05 OWASP_2021_A01 |
More Info | Scan Rule Help |
Summary
The Permissions-Policy header is an added layer of security that helps restrict unauthorized access to, or usage of, browser/client features by web resources. The policy protects user privacy by limiting or specifying which browser features web resources can use. Permissions Policy provides a set of standard HTTP headers that allow website owners to limit which browser features a page can use, such as camera, microphone, location, full screen, etc.
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header.
Other Info
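One way to apply the solution above at the application layer, as an added example that is not part of the original alert text or of ZAP's code: a WSGI middleware that adds Permissions-Policy to any response that lacks it. The policy value, the middleware class and the two sample apps are assumptions constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Assumed policy: deny camera, microphone and geolocation to every origin,
# and allow fullscreen only for same-origin documents.
DEFAULT_POLICY = "camera=(), microphone=(), geolocation=(), fullscreen=(self)"


class PermissionsPolicyMiddleware:
    """Add a Permissions-Policy header to every response that lacks one."""

    def __init__(self, app, policy=DEFAULT_POLICY):
        self.app = app
        self.policy = policy

    def __call__(self, environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            names = {name.lower() for name, _ in headers}  # header names are case-insensitive
            if "permissions-policy" not in names:
                headers = list(headers) + [("Permissions-Policy", self.policy)]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    """Constructed sample app that sends no Permissions-Policy header."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><body>hello</body></html>"]


def strict_app(environ, start_response):
    """Constructed sample app that already sets its own, different policy."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("permissions-policy", "camera=(self)")])
    return [b"ok"]


def response_headers(app):
    """Call a WSGI app once with a test environ and return its header list."""
    environ = {}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = list(headers)

    app(environ, start_response)
    return captured["headers"]
```

The middleware leaves an application-supplied policy untouched, so a route that legitimately needs a feature can still declare it.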
References
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
- https://developer.chrome.com/blog/feature-policy/
- https://scotthelme.co.uk/a-new-security-header-feature-policy/
- https://w3c.github.io/webappsec-feature-policy/
- https://www.smashingmagazine.com/2018/12/feature-policy/