The web platform has seen a decade of furious expansion, with websites now able to access USB, vibration, bluetooth, and geolocation, as well as store huge amounts of data on end user devices, trigger background sync and notifications, and even get paid from users’ digital wallets.

But with this expansion has come an increased scope for attacks, costly mistakes and performance regressions. Feature policy is a new feature designed to actually disable or limit features of the platform. With a feature policy, developers can solve performance issues, improve security, police their development team’s best practices, and even stop third party scripts from misbehaving. All with one new HTTP header.

Special thanks to CSS Wizardry, Leeds International Festival, and Stac for supporting this talk.