diff --git a/docker/ploughshares/app.py b/docker/ploughshares/app.py
index dbc55e2..9a1f6c2 100644
--- a/docker/ploughshares/app.py
+++ b/docker/ploughshares/app.py
@@ -73,15 +73,36 @@ if APP_DOMAIN:
     csp['form-action'] = [csp['form-action'], APP_DOMAIN]
 
 # Configure Permissions-Policy (formerly Feature-Policy)
+# Deny access to all browser features that we don't need
 permissions_policy = {
     'accelerometer': '()',
+    'ambient-light-sensor': '()',
+    'autoplay': '()',
+    'battery': '()',
     'camera': '()',
+    'display-capture': '()',
+    'document-domain': '()',
+    'encrypted-media': '()',
+    'execution-while-not-rendered': '()',
+    'execution-while-out-of-viewport': '()',
+    'fullscreen': '()',
     'geolocation': '()',
     'gyroscope': '()',
+    'hid': '()',
+    'idle-detection': '()',
     'magnetometer': '()',
     'microphone': '()',
+    'midi': '()',
+    'navigation-override': '()',
     'payment': '()',
-    'usb': '()'
+    'picture-in-picture': '()',
+    'publickey-credentials-get': '()',
+    'screen-wake-lock': '()',
+    'serial': '()',
+    'sync-xhr': '()',
+    'usb': '()',
+    'web-share': '()',
+    'xr-spatial-tracking': '()'
 }
 
 # Determine if HTTPS should be forced based on environment
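Review bot: `'publickey-credentials-get': '()'` disables WebAuthn for the top-level document as well as for embedded frames, because an empty allowlist denies the feature to every origin including the app's own; if a passkey or security-key login is ever added, `navigator.credentials.get()` will fail with no server-side symptom, so this entry deserves a comment, e.g. `# NOTE: '()' also blocks WebAuthn on our own origin; change to 'self' if passkey login is introduced`. The same first-party blast radius applies to `fullscreen`, `autoplay`, `picture-in-picture` and `sync-xhr`, so it is worth checking the templates and any bundled JavaScript before shipping rather than relying on the "features that we don't need" comment. Feature names that a browser does not recognise are ignored (Chromium logs a console error for them), so some of the less widely implemented entries such as `ambient-light-sensor`, `document-domain` or `navigation-override` may add noise without adding protection; this is browser-dependent and should be confirmed. The dictionary is serialised to a header by code outside this hunk, so the exact `name=()` output could not be verified here.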