diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index 27936cf6e02..ad4befadad6 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -497,9 +497,11 @@ print '<br>';
 print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCERP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCERP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or")." \"strict-origin-when-cross-origin\")</span><br>";
 print '<br>';
 
-print '<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCESTS) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCESTS).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"max-age=31536000; includeSubDomaines\")</span><br>";
+print '<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCESTS) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCESTS).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")</span><br>";
 print '<br>';
 
+print '<strong>WEBSITE_MAIN_SECURITY_FORCEPP</strong> = '.(empty($conf->global->WEBSITE_MAIN_SECURITY_FORCEPP) ? '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>' : $conf->global->WEBSITE_MAIN_SECURITY_FORCEPP).' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"camera: 'none'; microphone: 'none';\")</span><br>";
+print '<br>';
 
 print '<br>';
 
diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php
index 7f456c14c2e..3bbfe225bee 100644
--- a/htdocs/core/website.inc.php
+++ b/htdocs/core/website.inc.php
@@ -141,12 +141,23 @@ if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
 	if (!defined('WEBSITE_MAIN_SECURITY_FORCESTS')) {
 		// The constant WEBSITE_MAIN_SECURITY_FORCESTS should never be defined by page, but the variable used just after may be
 
-		// Example: "max-age=31536000; includeSubDomaines"
+		// Example: "max-age=31536000; includeSubDomains"
 		$sts = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS');
 		if (!empty($sts)) {
 			header("Strict-Transport-Security: ".$sts);
 		}
 	}
+
+	// Permissions-Policy (old name was Feature-Policy)
+	if (!defined('WEBSITE_MAIN_SECURITY_FORCEPP')) {
+		// The constant WEBSITE_MAIN_SECURITY_FORCEPP should never be defined by page, but the variable used just after may be
+
+		// Example: "camera: 'none'; microphone: 'none';"
+		$pp = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP');
+		if (!empty($pp)) {
+			header("Permissions-Policy: ".$pp);
+		}
+	}
 }
 
 // A lang was forced, so we change weblangs init