Http Permissions Policy Header Missing
Description
Detects when a web application response is missing the Permissions-Policy HTTP header. The Permissions Policy header is a critical security control that allows websites to explicitly control which browser features and APIs can be used in the application context, helping prevent potential abuse of powerful browser capabilities.
Detection Strategy
• Examines HTTP response headers from the web application
• Reports a vulnerability when the Permissions-Policy header is completely absent from the response headers
• The vulnerability is triggered regardless of other security headers that may be present
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.