No Permissions-Policy header
The Permissions-Policy header lets you tell browsers which powerful features your site uses, such as the camera, microphone, location, and payment APIs. Without it, every page on your site implicitly has access to all of these features even if you never use them.
Why this matters
If any third-party script on your page is ever compromised, the lack of restrictions means it could attempt to access features like the camera or location without your knowledge. Restricting unused features limits the damage.
How to fix it
Add a Permissions-Policy response header that disables the features you do not use. For example: Permissions-Policy: camera=(), microphone=(), geolocation=()
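To confirm the header you deploy actually disables the features you do not use, the check below parses a Permissions-Policy value and reports any feature that is missing or still has a non-empty allowlist. It is an added example, not code from the original page; the function names, the feature list and the sample header values are assumptions made for illustration, and the parser is deliberately simplified.

```javascript
// Added example: audit a Permissions-Policy header value.
// Simplified parser, not a full structured-fields implementation.
function parsePermissionsPolicy(value) {
  const policy = new Map();
  if (!value) return policy;
  // Split on commas that are not inside a quoted origin string.
  for (const member of value.match(/(?:[^,"]|"[^"]*")+/g) || []) {
    const eq = member.indexOf('=');
    if (eq === -1) continue; // malformed member, ignored
    const feature = member.slice(0, eq).trim().toLowerCase();
    const raw = member.slice(eq + 1).trim();
    // "()" is an empty allowlist (feature disabled); "*" allows every origin.
    const allowlist = raw === '*'
      ? ['*']
      : raw.replace(/^\(|\)$/g, '').split(/\s+/).filter(Boolean);
    policy.set(feature, allowlist); // a repeated feature overrides the earlier one
  }
  return policy;
}

// Features disabled in the page's example; adjust to what your site does not use.
const UNUSED_FEATURES = ['camera', 'microphone', 'geolocation'];

function auditPermissionsPolicy(headerValue, unused = UNUSED_FEATURES) {
  const policy = parsePermissionsPolicy(headerValue);
  const findings = [];
  for (const feature of unused) {
    if (!policy.has(feature)) {
      findings.push(`${feature}: not listed in the header`);
    } else if (policy.get(feature).length > 0) {
      findings.push(`${feature}: still allowed for ${policy.get(feature).join(' ')}`);
    }
  }
  return findings; // empty array means every unused feature is disabled
}

// Constructed sample header values (undefined = header absent).
const samples = [
  undefined,
  'camera=(), microphone=(), geolocation=()',
  'camera=(), microphone=(self), geolocation=*',
];
for (const s of samples) {
  console.log(String(s), '->', auditPermissionsPolicy(s));
}
```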