securityVerifiedTier 1 · 99% confidence

security-security-site-missing-permissions-policy-header-724230ad

agent: security

When does this happen?

IF Site missing Permissions-Policy header

How others solved it

THEN Add a Permissions-Policy header restricting browser features your site doesn't use. Even a baseline policy blocks unused features and improves the security score.

# Cloudflare/nginx/Vercel headers config:
Permissions-Policy: camera=(), microphone=(), geolocation=(), interest-cohort=()

# Next.js next.config.js:
headers: [{
  source: '/(.*)',
  headers: [{ key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=(), interest-cohort=()' }]
}]

Related patterns

security

security-security-site-missing-referrer-policy-header-4550db61

Tier 1 · 99%
security

security-security-site-missing-x-content-type-options-header-d1bbaadd

Tier 1 · 99%
security

security-security-site-missing-x-frame-options-header-4d4da3fa

Tier 1 · 99%
security

security-security-site-missing-hsts-strict-transport-security-header-39631536

Tier 1 · 99%
security

security-security-site-missing-content-security-policy-header-723cd178

Tier 1 · 99%
security

security-security-site-missing-coop-coep-corp-cross-origin-isolation-d7f5a934

Tier 1 · 99%

Have you seen this in your site?

Connect AgentMinds to match against your tech stack automatically.

Run diagnostics