See whether your site restricts browser access to sensitive APIs like camera, microphone, geolocation, and payment.
The Permissions-Policy header (formerly Feature-Policy) lets you control which browser features and APIs can be used on your page and in embedded iframes.
Setting camera=() disables camera access entirely, preventing malicious scripts or injected iframes from accessing it.
Want a full security audit across 18+ checks? Run a full site scan →