WordPress 5.6.1 - Permissions-Policy Header implementation
H

2

12

I need to implement the Permissions-Policy header in the .htaccess file.

I spent a whole day looking for the header on the internet, but I only found explanations that I did not understand 100% how to implement.

The best explanation that I found about the header is in this article, Permissions-Policy. I inserted this line of code in the .htaccess file to make the magic happen, BUT I didn't get the green flag on securityheaders:

Permissions-Policy: fullscreen=(self "https://example.com" "https://another.example.com"), geolocation=*, camera=()

Please, I'll be extremely grateful for any help!

The image shows the result of the security headers scan

Result of Security Headers Scan

Holloway answered 11/2, 2021 at 12:45 Comment(3)
How are you hosting your site? Crenshaw
Shared hosting. Is there a direct connection between the use of a hosting and the use of Security Headers, @PeterBreen? Holloway
I would be in touch with your hosting company. This is typically not a problem with WordPress sites. Crenshaw
H
22

Since no one could directly help me, I found the answer myself, and it works like a charm.

What is the Permissions Policy header

The Permissions Policy header is a security header that controls which browser features can be used. Besides implementing these rules for your own content, it can also prevent external iframes from using these browser features, making it a powerful header to secure your site.

This allows you to have fine-grained control over which browser functions your site can use. There are a lot of directives that can be controlled with the Permissions Policy header. For an extensive overview of all directives, see New Permissions-Policy Directives and Features.

And the code inside the .htaccess file is:

<IfModule mod_headers.c>

Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"  

</IfModule>

This can help you get your Permissions-Policy flag on Security Headers.

Holloway answered 16/2, 2021 at 18:49 Comment(2)
I've voted this up, since you went ahead and wrote out a 'default' policy, which is hard to find. But people should be cautious about blindly copying and pasting a policy that might not always be appropriate for their site, without a bit more examination. Gregson
Why is this type or word used here? payment=(); camera=(); microphone=();usb=(); Furuncle
L
7

Add this in the .htaccess file. It works like a charm.

<IfModule mod_headers.c>
Header always set Permissions-Policy "geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)"
</IfModule>
Liederman answered 28/4, 2021 at 3:15 Comment(1)
This is the new format. Accepted answer is outdated. Hyperkinesia
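
An added example, not written by any of the posters above: a Permissions-Policy value is a structured-field dictionary, so members are separated by commas, and this small Python check runs that rule over the three values quoted on this page. The grammar is deliberately simplified and the names `split_top_level` and `lint_policy` are hypothetical.

```python
import re

# Simplified lint for a Permissions-Policy value (structured-field dictionary):
# comma-separated members, each "feature=allowlist".
# Assumption: only these allowlist forms are modelled: *, self, and a
# parenthesised list of self / * / "origin" (the empty list () included).
MEMBER = re.compile(r'^([a-z][a-z0-9_.*-]*)=(.+)$')
ITEM = re.compile(r'^(?:\*|self|"[^"\\]*")$')

def split_top_level(value, sep):
    """Split value on sep, ignoring separators inside quotes or parentheses."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in '()':
            depth += 1 if ch == '(' else -1
        if ch == sep and depth == 0 and not quoted:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return parts

def lint_policy(value):
    """Return a list of problems; an empty list means the value looks well-formed."""
    if len(split_top_level(value, ';')) > 1:
        # ';' separated directives in the older Feature-Policy header; in a
        # structured-field dictionary it starts a parameter, so parsing fails.
        return ['";" between members: separate members with ","']
    problems = []
    for member in split_top_level(value, ','):
        m = MEMBER.match(member)
        if not m:
            problems.append(f'not a feature=allowlist member: {member!r}')
            continue
        feature, allow = m.groups()
        if allow[0] == '(' and allow[-1] == ')':
            ok = all(ITEM.match(item) for item in allow[1:-1].split())
        else:
            ok = allow in ('*', 'self')
        if not ok:
            problems.append(f'{feature}: unexpected allowlist {allow!r}')
    return problems

# The three header values quoted on this page, copied verbatim.
QUESTION = 'fullscreen=(self "https://example.com" "https://another.example.com"), geolocation=*, camera=()'
SEMICOLONS = 'geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);'
COMMAS = 'geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)'
```

`lint_policy` only checks syntax; whether a scanner or browser recognises each feature name is a separate question.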
