What it is
Permissions-Policy is a response header that declares which browser features (camera, microphone, geolocation, and others) a page and the content it embeds are allowed to use.
Why it matters
Disabling features you don't need shrinks what a compromised script or an embedded third party can reach. Granting capabilities explicitly and denying the rest by default is a low-effort way to limit the blast radius of a front-end compromise.
How WebGuard checks it
WebGuard reads your response headers and reports whether a Permissions-Policy is present. It only inspects headers your public site already returns.
A sensible starting configuration:
Permissions-Policy: geolocation=(), camera=(), microphone=()