Feature-Policy Header

What does it do?

• This security header allows or disallows html 5 features
• none: no html5 features allowed
• self: allowed but only your own domain can use them
• src: content in iframes must come from the same origin as the site
• * all features can be used/called
• <origin(s)>: allows you to pass in allowed origins