HTTP Permissions-Policy xr-spatial-tracking

HTTP/1.1 200 OK
Content-Type: text/html
Permissions-Policy: xr-spatial-tracking=(self), accelerometer=(self), gyroscope=(self)

<!DOCTYPE html>
<html>
<head><title>VR Adventure</title></head>
<body>
  <button id="enter-vr">Enter VR</button>
  <script>
    document.getElementById('enter-vr').addEventListener('click', async () => {
      const xrSession = await navigator.xr.requestSession('immersive-vr', {
        requiredFeatures: ['local-floor', 'bounded-floor']
      });

      xrSession.requestReferenceSpace('local-floor').then(refSpace => {
        // Setup VR rendering with spatial tracking
      });
    });
  </script>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Permissions-Policy: xr-spatial-tracking=(self "https://ar-viewer.shop.example.com")

<!DOCTYPE html>
<html>
<head><title>Product AR Preview</title></head>
<body>
  <iframe src="https://ar-viewer.shop.example.com/furniture/chair-123"
          allow="xr-spatial-tracking; camera"></iframe>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: application/json
Permissions-Policy: xr-spatial-tracking=()

{
  "status": "success",
  "product_model_url": "https://cdn.example.com/model.glb"
}