Control: Site headers must contain Permissions-Policy
Description
The Permissions-Policy header is an added layer of security that helps restrict unauthorized access to, or use of, browser/client features by web resources. It protects user privacy by limiting or specifying which browser features web resources can use. Permissions Policy provides a set of standard HTTP headers that allow website owners to limit which browser features a page can use, such as camera, microphone, location, and full screen.
Usage
Run the control in your terminal:
steampipe check net_insights.control.security_headers_permissions_policy
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share net_insights.control.security_headers_permissions_policy
Plugins & Tables
Params
Args | Name | Default | Description | Variable
---|---|---|---|---
$1 | website_urls | | Website URLs. |
SQL
-- Collect the response header names returned by each requested URL.
with available_headers as (
  select
    url,
    array_agg(header.key)
  from
    net_http_request,
    jsonb_each(response_headers) as header
  where
    url in (
      select jsonb_array_elements_text(to_jsonb($1::text[]))
    )
  group by
    url
)
-- 'ok' when Permissions-Policy is among the header names, otherwise 'alarm'.
select
  url as resource,
  case
    when array['Permissions-Policy'] <@ array_agg then 'ok'
    else 'alarm'
  end as status,
  case
    when array['Permissions-Policy'] <@ array_agg then url || ' contains required headers ''Permissions-Policy''.'
    else url || ' missing required headers ''Permissions-Policy''.'
  end as reason
from
  available_headers;
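The query above tests only that the header is present, so a response carrying `Permissions-Policy: camera=*` passes even though it restricts nothing. The Python below is an added example, not part of the net_insights mod, that parses the header value and reports how each feature named in the description is limited; the `weak` status, the feature list and the sample responses are assumptions made for this illustration.

```python
import re

# Features named in the control description (camera, microphone, location, full screen).
SENSITIVE = ("camera", "microphone", "geolocation", "fullscreen")
# One directive: feature=* | feature=(allowlist) | feature=token; ";params" are skipped.
_DIRECTIVE = re.compile(r'\s*([a-z0-9-]+)\s*=\s*(\*|\([^)]*\)|[^,;\s()]+)(?:;[^,]*)?\s*(?:,|$)')

def parse_permissions_policy(value):
    """Return {feature: allowlist}; [] means disabled, ['*'] means every origin."""
    policy, pos, value = {}, 0, value.strip()
    while pos < len(value):
        m = _DIRECTIVE.match(value, pos)
        if m is None:
            raise ValueError(f"malformed directive at offset {pos}")
        feature, raw = m.groups()
        policy[feature] = raw[1:-1].split() if raw.startswith("(") else [raw]
        pos = m.end()
    return policy

def audit(response_headers):
    """Presence check (as in the control, case-insensitive) plus per-feature findings."""
    headers = {k.lower(): v for k, v in response_headers.items()}
    try:
        policy = parse_permissions_policy(headers["permissions-policy"])
    except (KeyError, ValueError):  # header missing or not parseable
        return {"status": "alarm", "findings": {}}
    findings = {}
    for feature in SENSITIVE:
        allow = policy.get(feature)
        if allow is None:
            findings[feature] = "not declared"
        elif allow == ["*"]:
            findings[feature] = "all origins"
        else:
            findings[feature] = "limited to " + " ".join(allow) if allow else "disabled"
    weak = any(f in ("not declared", "all origins") for f in findings.values())
    return {"status": "weak" if weak else "ok", "findings": findings}

# Constructed sample responses (not real sites).
SAMPLES = {
    "https://a.example": {"Content-Type": "text/html"},
    "https://b.example": {"permissions-policy": "camera=*, microphone=*"},
    "https://c.example": {"Permissions-Policy":
        'camera=(), microphone=(), geolocation=(self "https://maps.example"), fullscreen=(self)'},
}

if __name__ == "__main__":
    for url, sample in SAMPLES.items():
        print(url, audit(sample))
```

A feature reported as "not declared" falls back to the browser's default allowlist for that feature, which is why the example flags it for review rather than treating it as disabled.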