Security Test: Excessive Browser Permissions¶

Description¶

Default Severity:

Permissions-Policy header is a security feature that allows developers to control which browser features and APIs can be used by a web page. It helps prevent excessive browser permissions by limiting the features that can be accessed without explicit user consent.

Configuration¶

Identifier: configuration/excessive_browser_permissions

Examples¶

All configuration available:

checks:
  configuration/excessive_browser_permissions:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API6:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.2`
GDPR	`Article-25`
SOC2	`CC6`
PSD2	`Article-96`
ISO 27001	`A.12.7`
NIST	`SP800-53`
FedRAMP	`SC-18`
CWE	`732`
CVSS Vector	`AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
CVSS Score	`3.0`