tighten conf snippet local-securityheaders to permit no features

1 files changed, 1 insertions, 1 deletions

diff --git a/apache2/conf-available/local-securityheaders.conf b/apache2/conf-available/local-securityheaders.conf
index ce8561f..07e5723 100644
--- a/apache2/conf-available/local-securityheaders.conf
+++ b/apache2/conf-available/local-securityheaders.conf
@@ -43,4 +43,4 @@ Header always set Content-Security-Policy "default-src 'none'; script-src 'self'
 
 # More info: <https://www.w3.org/TR/permissions-policy-1/>
 # feature list: <https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md>
-Header always set Permissions-Policy "accelerometer(self), ambient-light-sensor(self), autoplay(self), battery(self), camera(self), cross-origin-isolated(self), display-capture(self), document-domain(self), encrypted-media(self), execution-while-not-rendered(self), execution-while-out-of-viewport(self), fullscreen(self), geolocation(self), gyroscope(self), magnetometer(self), microphone(self), midi(self), navigation-override(self), payment(self), picture-in-picture(self), publickey-credentials-get(self), screen-wake-lock(self), sync-xhr(self), usb(self), web-share(self), xr-spatial-tracking(self)"
+Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), autoplay(), battery(), camera(), cross-origin-isolated(), display-capture(), document-domain(), encrypted-media(), execution-while-not-rendered(), execution-while-out-of-viewport(), fullscreen(), geolocation(), gyroscope(),  layout-animations(), legacy-image-formats(), magnetometer(), microphone(), midi(), oversized-images(), navigation-override(), payment(), picture-in-picture(), publickey-credentials-get(), screen-wake-lock(), sync-xhr(), usb(), vr(), wake-lock(), web-share(), xr-spatial-tracking()"