
Security fix guide

How to Fix a Missing Permissions-Policy Header

What the issue means

A missing Permissions-Policy header means browser features are not explicitly limited for your pages.

Why it matters

Permissions-Policy can reduce unnecessary access to camera, microphone, geolocation, payment, and other browser features.

How to check it

Inspect response headers for Permissions-Policy.

How to fix it

Disable features your application does not need and allow only trusted origins for required features.
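One way to automate the check and the fix criteria above, as an added example that is not part of the original guide. It assumes response headers are available as a dict; the sample headers, the origins in them, and the names audit and parse_permissions_policy are constructed for illustration, and the parser covers only the common allowlist forms: (), *, self and quoted origins.

```python
import re

# Features this guide names; extend with whatever your application should not expose.
SENSITIVE = ("camera", "microphone", "geolocation", "payment")
# One directive: feature=(allowlist) or feature=* / feature=self
DIRECTIVE = re.compile(r'([a-z][a-z0-9-]*)\s*=\s*(?:\(([^)]*)\)|(\*|self))', re.I)

def parse_permissions_policy(value):
    """Return {feature: [allowlist tokens]}; an empty list means the feature is disabled."""
    policy = {}
    for m in DIRECTIVE.finditer(value):
        name, inner, bare = m.group(1).lower(), m.group(2), m.group(3)
        tokens = [bare] if bare else inner.split()
        policy[name] = [t.strip('"') for t in tokens]
    return policy

def audit(headers, trusted=frozenset()):
    """Classify each sensitive feature from a dict of response headers."""
    value = next((v for k, v in headers.items() if k.lower() == "permissions-policy"), "")
    policy = parse_permissions_policy(value)
    report = {}
    for feature in SENSITIVE:
        allow = policy.get(feature)
        if allow is None:
            report[feature] = "browser default"      # header absent or feature not listed
        elif not allow:
            report[feature] = "disabled"             # feature=()
        elif "*" in allow:
            report[feature] = "all origins"          # feature=*
        else:
            extra = [o for o in allow if o != "self" and o not in trusted]
            report[feature] = "untrusted: " + " ".join(extra) if extra else "allowlisted"
    return report

# Constructed sample responses (not captured from a real site).
SAMPLE_MISSING = {"Content-Type": "text/html"}
SAMPLE_LOOSE = {"permissions-policy": 'camera=*, geolocation=(self "https://maps.example")'}
SAMPLE_HARDENED = {"Permissions-Policy":
                   'camera=(), microphone=(), geolocation=(), payment=(self "https://pay.example")'}

if __name__ == "__main__":
    for label, hdrs in (("missing", SAMPLE_MISSING), ("loose", SAMPLE_LOOSE),
                        ("hardened", SAMPLE_HARDENED)):
        print(label, audit(hdrs, trusted={"https://pay.example"}))
```

Any feature reported as "browser default", "all origins" or "untrusted" is a candidate for an explicit () or a narrower allowlist.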

Configuration examples

Nginx

    # Valid in the http, server, or location context
    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

Apache

    # Requires mod_headers
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"

Vercel / Next.js

    // next.config.js
    module.exports = {
      headers: async () => [{ source: "/(.*)", headers: [{ key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" }] }],
    };

Cloudflare

Use an edge response header rule to set Permissions-Policy.
