How to add Feature-Policy Security Header

The Feature-Policy security header can be added in Apache, NGINX, or an .htaccess file using the methods below.

[1] How to add in Nginx configuration file

Add the following line to the Nginx configuration file:

add_header Feature-Policy "geolocation 'self'; vibrate 'none'";



[2] How to add in Apache configuration file

Add the following line to the Apache configuration file:

Header always set Feature-Policy "geolocation 'self'; vibrate 'none'"



[3] How to add in .htaccess file

Add the following code to the .htaccess configuration file:

<IfModule mod_headers.c>
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
</IfModule>

Syntax: Feature-Policy: <directive> <allow-list>

Depending on what the website needs, the following features can be enabled or disabled through Feature-Policy:


• Directive: This header takes two parts, <directive> and <allow-list>, and <directive> can be any one of the directives listed further down:

• <directive>: The instruction that controls how a particular feature or API can be used.

• <allow-list>: A list indicating how the browser feature can be used, for example 'self' or 'none'.

• <directive>: This can be any of the following directives:
• accelerometer: Used to get information about acceleration of device

• ambient-light-sensor: Used to get information whether there is enough light in surroundings

• autoplay: Used to control media autoplay settings. Mostly used with audio and video elements

• battery: Used to get the status of battery using Battery Status API

• camera: Used to control video input via a camera of device

• display-capture: Captures screen contents through a screenshot

• document-domain: Used to control the current document’s document domain by setting it or unsetting it

• encrypted-media: Used to control Encrypted Media Extension API (EME)

• fullscreen: Used to control full screen access

• geolocation: Used to show location of user on a map by using geolocation API

• gyroscope: Used to get information about orientation of device accessing gyroscope of device

• layout-animations: Used to show layout animations and transitions

• legacy-image-formats: Displays image in legacy format

• magnetometer: Used to get information about magnetic orientation of device

• microphone: Used for audio input through device’s microphone

• midi: Used to access Web MIDI API

• oversized-images: Used in displaying and downloading large over-sized images

• payment: Controls all payment related activity by using Payment Request API

• picture-in-picture: Allows a video to play in Picture-in-Picture mode

• publickey-credentials-get: Uses Web Authentication API and retrieves public-key credentials

• sync-xhr: Used to make synchronous XMLHttpRequest calls

• usb: Controls WebUSB API for USB Media access

• wake-lock: Informs the device to not enter power-saving mode by using Wake Lock API

• xr-spatial-tracking: Used to interact with WebXR session by making use of WebXR Device API
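
A small linter for the `<directive> <allow-list>` syntax above, added here as an example and not part of the original article: it parses a Feature-Policy value and reports unknown directive names and malformed allow-list entries before the header is deployed. The function name, the simplified origin pattern and the second sample header are assumptions made for the illustration.

```python
import re

# Directive names from the list on this page (publickey-credentials-get is
# the directive's one-word spelling), plus "vibrate" from the sample header.
KNOWN_DIRECTIVES = set("""
accelerometer ambient-light-sensor autoplay battery camera display-capture
document-domain encrypted-media fullscreen geolocation gyroscope
layout-animations legacy-image-formats magnetometer microphone midi
oversized-images payment picture-in-picture publickey-credentials-get
sync-xhr usb wake-lock xr-spatial-tracking vibrate
""".split())
KEYWORDS = {"*", "'self'", "'none'", "'src'"}
# Simplified origin check (assumption): scheme://host[:port], http(s) only.
ORIGIN_RE = re.compile(r"^https?://[A-Za-z0-9.-]+(:\d+)?$")

def parse_feature_policy(value):
    """Return (policy, problems); policy maps directive -> allow-list tokens."""
    policy, problems = {}, []
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # tolerate a trailing or doubled semicolon
        name, allow = tokens[0].lower(), tokens[1:]
        if name not in KNOWN_DIRECTIVES:
            problems.append(f"unknown directive: {name}")
        if name in policy:
            problems.append(f"duplicate directive: {name}")
            continue
        if not allow:
            problems.append(f"{name}: no allow-list given")
        for tok in allow:
            if tok in ("self", "none", "src"):
                problems.append(f"{name}: {tok} must be quoted as '{tok}'")
            elif tok not in KEYWORDS and not ORIGIN_RE.match(tok):
                problems.append(f"{name}: invalid allow-list entry {tok}")
        if "'none'" in allow and len(allow) > 1:
            problems.append(f"{name}: 'none' combined with other entries")
        policy[name] = allow
    return policy, problems

if __name__ == "__main__":
    # The page's header value, then a constructed value with typical mistakes.
    for header in ("geolocation 'self'; vibrate 'none'",
                   "public key-credentials-get 'self'; camera self; usb 'none' https://example.com"):
        policy, problems = parse_feature_policy(header)
        print(header, "->", problems or "OK")
```

Browsers ignore a directive they cannot parse, so a misspelled name or an unquoted `self` leaves the feature unrestricted without any visible error; a check like this catches that case.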

HTTP Security Headers Checker Tool

https://www.site2info.com/sitesecurity.php
