diff --git a/app.py b/app.py
index 718190bb..c59c6bef 100644
--- a/app.py
+++ b/app.py
@@ -39,6 +39,9 @@ def find_key(token):
     "frame-ancestors": "'none'",
     "object-src": "'none'",
 }
+
+feature_policy = {"geolocation": "'none'"}
+
 app = Flask(__name__, template_folder=ROOT)
 app.config["SECRET_KEY"] = os.urandom(16)
 app.config["SESSION_COOKIE_NAME"] = "__Secure-session"
@@ -47,7 +50,12 @@ def find_key(token):
 app.config["CSRF_COOKIE_HTTPONLY"] = True
 app.config["CSRF_COOKIE_SECURE"] = True
 csrf = SeaSurf(app)
-talisman = Talisman(app, force_https=False, content_security_policy=csp)
+talisman = Talisman(
+    app,
+    force_https=False,
+    content_security_policy=csp,
+    feature_policy=feature_policy,
+)
 if "DYNO" in os.environ:
     sslify = SSLify(app, skips=[".well-known"])
@@ -59,13 +67,6 @@ def page_not_found(e):
     return render_template("404.html"), 404
-@app.after_request
-def add_feature_policy(response):
-    """Add feature policy."""
-    response.headers["Feature-Policy"] = "geolocation 'none'"
-    return response
-
-
 @app.route("/")
 def static_proxy(path):
     """Find static files."""
diff --git a/app_test.py b/app_test.py
index 0861e85d..f1b84788 100644
--- a/app_test.py
+++ b/app_test.py
@@ -7,14 +7,7 @@ from werkzeug.exceptions import NotFound
 from flask_testing import LiveServerTestCase
-from app import (
-    acme,
-    find_key,
-    static_proxy,
-    index_redirection,
-    add_feature_policy,
-    page_not_found,
-)
+from app import acme, find_key, static_proxy, index_redirection, page_not_found
 from app import ROOT
 from app import app
@@ -49,6 +42,7 @@ def check_security_headers(self, resp):
         self.assertTrue("X-Content-Type-Options" in headers)
         self.assertTrue("Content-Security-Policy" in headers)
         self.assertTrue("Feature-Policy" in headers)
+        self.assertEqual(headers["Feature-Policy"], "geolocation 'none'")
         self.assertEqual(headers["X-Frame-Options"], "SAMEORIGIN")
     def check_csrf_cookies(self, resp):
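Review bot: The new `feature_policy` dict still produces the legacy `Feature-Policy` header, which browsers have superseded by `Permissions-Policy`; the second app.py hunk, where it is passed as `feature_policy=feature_policy`, carries the same point. If the installed flask-talisman version supports it, a `permissions_policy` argument (value syntax differs, e.g. `{"geolocation": "()"}` rather than `'none'`) sets the current header, and both can be emitted side by side during the transition; the exact-string assertion added in app_test.py would then need a companion check for the new header. A comment on the dict such as `# Feature-Policy is the legacy header name; browsers now read Permissions-Policy` would save the next maintainer a lookup. The `csp` dict whose closing brace forms this hunk's context starts outside the hunk.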
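Review bot: The added `self.assertEqual(headers["Feature-Policy"], "geolocation 'none'")` makes the `assertTrue("Feature-Policy" in headers)` line directly above it redundant, and a missing header now surfaces as a KeyError from the subscript rather than a test assertion. Keep the membership check as `self.assertIn("Feature-Policy", headers)` so the failure message names the missing header, or drop it and guard the subscript with `headers.get("Feature-Policy")` in the equality check. The rest of `check_security_headers` lies outside the hunk.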
@@ -125,7 +119,6 @@ def test_acme(self):
     def test_index_redirection(self):
         """Test index page redirection."""
         resp = index_redirection()
-        add_feature_policy(resp)
         self.assertEqual(resp.status_code, 200)
         resp.close()
@@ -136,7 +129,6 @@ def test_static_proxy(self):
         for h in htmls:
             u = "notes/" + h
             resp = static_proxy(u)
-            add_feature_policy(resp)
             self.assertEqual(resp.status_code, 200)
             resp.close()