diff --git a/feature-policy/feature-policy-header-policy-allowed-for-all.https.sub.html b/feature-policy/feature-policy-header-policy-allowed-for-all.https.sub.html
new file mode 100644
index 00000000000000..3334b97247e5fd
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-allowed-for-all.https.sub.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <!-- Feature-Policy: fullscreen *; -->
+  <script>
+  'use strict';
+  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
+  var cross_origin_src = cross_origin + same_origin_src;
+  var header_policy = 'Feature-Policy: fullscreen *';
+
+  // Test that fullscreen's allowlist is ['*']
+  test(function() {
+    assert_array_equals(
+      document.policy.getAllowlistForFeature('fullscreen'),
+      ['*']);
+  }, header_policy + ' -- test allowlist is ['*']');
+
+  // Test that fullscreen is allowed on all subframes.
+  test_allowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is allowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src);
+  test_allowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is allowed on cross-origin subframe',
+    'fullscreen',
+    cross_origin_src);
+
+  // Dynamically update sub frame's container policy
+  var allow = "fullscreen 'self';"
+  test_allowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is allowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src,
+    allow);
+
+  test_disallowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is disallowed on cross-origin subframe',
+    'fullscreen',
+    cross_origin_src,
+    allow);
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-header-policy-allowed-for-all.https.sub.html.sub.headers b/feature-policy/feature-policy-header-policy-allowed-for-all.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..111121a52fbdc9
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-allowed-for-all.https.sub.html.sub.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen *;
diff --git a/feature-policy/feature-policy-header-policy-allowed-for-self.https.sub.html b/feature-policy/feature-policy-header-policy-allowed-for-self.https.sub.html
new file mode 100644
index 00000000000000..60e22f4aec865b
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-allowed-for-self.https.sub.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <!-- Feature-Policy: fullscreen 'self'; -->
+  <script>
+  'use strict';
+  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
+  var cross_origin_src = cross_origin + same_origin_src;
+  var header_policy = 'Feature-Policy: fullscreen \'self\'';
+
+  // Test that fullscreen's allowlist is ['same_origin']
+  test(function() {
+    assert_array_equals(
+      document.policy.getAllowlistForFeature('fullscreen'),
+      [same_origin]);
+  }, header_policy + ' -- test allowlist is [same_origin]');
+
+  // Test that fullscreen is only allowed on same-origin subframe.
+  test_allowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is allowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src);
+  test_disallowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is disallowed on cross-origin subframe',
+    'fullscreen',
+    cross_origin_src);
+
+  // Dynamically update sub frame's container policy
+  var allow = "fullscreen 'src';"
+  test_allowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is allowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src,
+    allow);
+
+  test_allowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow  + ' -- test fullscreen is allowed on cross-origin subframe',
+    'fullscreen',
+    same_origin_src,
+    allow);
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-header-policy-allowed-for-self.https.sub.html.sub.headers b/feature-policy/feature-policy-header-policy-allowed-for-self.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..0cc259b24f3829
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-allowed-for-self.https.sub.html.sub.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen 'self';
diff --git a/feature-policy/feature-policy-header-policy-allowed-for-some.https.sub.html b/feature-policy/feature-policy-header-policy-allowed-for-some.https.sub.html
new file mode 100644
index 00000000000000..cce2fdb1b9f7d3
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-allowed-for-some.https.sub.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <!-- Feature-Policy: fullscreen 'self' cross_origin https://www.example.com; -->
+  <script>
+  'use strict';
+  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
+  var cross_origin_src = cross_origin + same_origin_src;
+  var header_policy = 'Feature-Policy: fullscreen \'self\' ' + cross_origin +
+  ' https://www.example.com;';
+
+  // Test that fullscreen's allowlist is [same_origin, cross_origin, 'https://www.example.com']
+  test(function() {
+    assert_array_equals(
+      document.policy.getAllowlistForFeature('fullscreen'),
+      [same_origin, cross_origin, 'https://www.example.com']);
+  }, header_policy + ' -- test allowlist is [same_origin, cross_origin, https://www.example.com]');
+
+  // Test that fullscreen is allowed on same_origin, some cross_origin subframes.
+  test_allowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is allowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src);
+  test_allowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is allowed on cross-origin ' + cross_origin_src + ' subframe',
+    'fullscreen',
+    cross_origin_src);
+  var cross_origin_src1 = 'https://{{domains[www1]}}:{{ports[https][0]}}' + same_origin_src;
+  test_disallowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is disallowed on cross-origin ' + cross_origin_src1 + ' subframe',
+    'fullscreen',
+    cross_origin_src1);
+
+  // dynamically update sub frame's container policy
+  var allow = "fullscreen 'none';"
+  test_disallowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is disallowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src,
+    allow);
+
+  test_disallowed_feature_for_subframe(
+    header_policy + 'iframe.allow = ' + allow + ' -- test fullscreen is disallowed on cross-origin subframe',
+    'fullscreen',
+    cross_origin_src,
+    allow);
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-header-policy-allowed-for-some.https.sub.html.sub.headers b/feature-policy/feature-policy-header-policy-allowed-for-some.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..c2493a089031aa
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-allowed-for-some.https.sub.html.sub.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen 'self' https://{{domains[www]}}:{{ports[https][0]}} https://www.example.com;
diff --git a/feature-policy/feature-policy-header-policy-disallowed-for-all.https.sub.html b/feature-policy/feature-policy-header-policy-disallowed-for-all.https.sub.html
new file mode 100644
index 00000000000000..c025705a36b10e
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-disallowed-for-all.https.sub.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <!-- Feature-Policy: fullscreen 'none'; -->
+  <script>
+  'use strict';
+  var same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  var cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
+  var cross_origin_src = cross_origin + same_origin_src;
+  var header_policy = 'Feature-Policy: fullscreen \'none\'';
+
+  // Test that fullscreen's allowlist is []
+  test(function() {
+    assert_array_equals(
+      document.policy.getAllowlistForFeature('fullscreen'),
+      []);
+  }, header_policy + ' -- test allowlist is []');
+
+  // Test that fullscreen is disallowed on all subframes.
+  test_disallowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is disallowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src);
+  test_disallowed_feature_for_subframe(
+    header_policy + ' -- test fullscreen is disallowed on cross-origin subframe',
+    'fullscreen',
+    cross_origin_src);
+
+  // Dynamically update sub frame's container policy
+  var allow = "fullscreen 'src';"
+  test_disallowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is disallowed on same-origin subframe',
+    'fullscreen',
+    same_origin_src,
+    allow);
+
+  test_disallowed_feature_for_subframe(
+    header_policy + ', iframe.allow = ' + allow + ' -- test fullscreen is disallowed on cross-origin subframe',
+    'fullscreen',
+    cross_origin_src,
+    allow);
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-header-policy-disallowed-for-all.https.sub.html.sub.headers b/feature-policy/feature-policy-header-policy-disallowed-for-all.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..04d160ae103f91
--- /dev/null
+++ b/feature-policy/feature-policy-header-policy-disallowed-for-all.https.sub.html.sub.headers
@@ -0,0 +1,2 @@
+Feature-Policy: fullscreen 'none';
+
diff --git a/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html b/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html
new file mode 100644
index 00000000000000..289fd508444d27
--- /dev/null
+++ b/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <script>
+  /*
+  fullscreen is allowed for all at the top-level document. It can be disabled by
+  subframes.
+  */
+  'use strict';
+  const same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  const same_origin_src = '/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html';
+  const cross_origin_src = cross_origin + same_origin_src;
+
+  /* ------------------------------------------
+     |  top-level document                    |
+     |  ------------------------------------  |
+     |  |  same-origin iframe              |  |
+     |  |  ------------------------------  |  |
+     |  |  |  local and remote iframes  |  |  |
+     |  |  ------------------------------  |  |
+     |  ------------------------------------  |
+     ------------------------------------------ */
+  test_subframe_header_policy('fullscreen', '*', same_origin_src,
+      {local_all: true, local_self: true, local_none: false,
+      remote_all: true, remote_self: true, remote_none: false},
+      'Test nested header policy with local iframe on policy "fullscreen *"');
+  test_subframe_header_policy('fullscreen', '\'self\'', same_origin_src,
+      {local_all: true, local_self: true, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with local iframe on policy "fullscreen \'self\'"');
+  test_subframe_header_policy('fullscreen', '\'none\'', same_origin_src,
+      {local_all: false, local_self: false, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with local iframe on policy "fullscreen \'none\'"');
+
+  /* -------------------------------------------
+     |  top-level document                     |
+     |  -------------------------------------  |
+     |  |  cross-origin iframe              |  |
+     |  |  -------------------------------  |  |
+     |  |  |  local and remote iframes   |  |  |
+     |  |  -------------------------------  |  |
+     |  -------------------------------------  |
+     ------------------------------------------- */
+  test_subframe_header_policy('fullscreen', '*', cross_origin_src,
+      {local_all: true, local_self: true, local_none: false,
+      remote_all: true, remote_self: true, remote_none: false},
+      'Test nested header policy with remote iframe on policy "fullscreen *"');
+  test_subframe_header_policy('fullscreen', '\'self\'', cross_origin_src,
+      {local_all: true, local_self: true, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with remote iframe on policy "fullscreen \'self\'"');
+  test_subframe_header_policy('fullscreen', '\'none\'', cross_origin_src,
+      {local_all: false, local_self: false, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with remote iframe on policy "fullscreen \'none\'"');
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html.sub.headers b/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..111121a52fbdc9
--- /dev/null
+++ b/feature-policy/feature-policy-nested-header-policy-allowed-for-all.https.sub.html.sub.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen *;
diff --git a/feature-policy/feature-policy-nested-header-policy-allowed-for-self.https.sub.html b/feature-policy/feature-policy-nested-header-policy-allowed-for-self.https.sub.html
new file mode 100644
index 00000000000000..274b3ebe9073f1
--- /dev/null
+++ b/feature-policy/feature-policy-nested-header-policy-allowed-for-self.https.sub.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <script>
+  /*
+  fullscreen is allowed for 'self' at the top-level document and through the
+  chain of same-origin iframes. It can be enabled by subframes, but otherwise
+  is disallowed everywhere else.
+  */
+  'use strict';
+  const same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  const same_origin_src = '/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html';
+  const cross_origin_src = cross_origin + same_origin_src;
+
+  /* ------------------------------------------
+     |  top-level document                    |
+     |  ------------------------------------  |
+     |  |  same-origin iframe              |  |
+     |  |  ------------------------------  |  |
+     |  |  |  local and remote iframes  |  |  |
+     |  |  ------------------------------  |  |
+     |  ------------------------------------  |
+     ------------------------------------------ */
+  test_subframe_header_policy('fullscreen', '*', same_origin_src,
+      {local_all: true, local_self: true, local_none: false,
+      remote_all: true, remote_self: true, remote_none: false},
+      'Test nested header policy with local iframe on policy "fullscreen *"');
+  test_subframe_header_policy('fullscreen', '\'self\'', same_origin_src,
+      {local_all: true, local_self: true, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with local iframe on policy "fullscreen \'self\'"');
+  test_subframe_header_policy('fullscreen', '\'none\'', same_origin_src,
+      {local_all: false, local_self: false, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with local iframe on policy "fullscreen \'none\'"');
+
+  /* -------------------------------------------
+     |  top-level document                     |
+     |  -------------------------------------  |
+     |  |  cross-origin iframe              |  |
+     |  |  -------------------------------  |  |
+     |  |  |  local and remote iframes   |  |  |
+     |  |  -------------------------------  |  |
+     |  -------------------------------------  |
+     ------------------------------------------- */
+  test_subframe_header_policy('fullscreen', '*', cross_origin_src,
+      {local_all: false, local_self: false, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with remote iframe on policy "fullscreen *"');
+  test_subframe_header_policy('fullscreen', '\'self\'', cross_origin_src,
+      {local_all: false, local_self: false, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with remote iframe on policy "fullscreen \'self\'"');
+  test_subframe_header_policy('fullscreen', '\'none\'', cross_origin_src,
+      {local_all: false, local_self: false, local_none: false,
+      remote_all: false, remote_self: false, remote_none: false},
+      'Test nested header policy with remote iframe on policy "fullscreen \'none\'"');
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-nested-header-policy-allowed-for-self.https.sub.html.sub.headers b/feature-policy/feature-policy-nested-header-policy-allowed-for-self.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..0cc259b24f3829
--- /dev/null
+++ b/feature-policy/feature-policy-nested-header-policy-allowed-for-self.https.sub.html.sub.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen 'self';
diff --git a/feature-policy/feature-policy-nested-header-policy-disallowed-for-all.https.sub.html b/feature-policy/feature-policy-nested-header-policy-disallowed-for-all.https.sub.html
new file mode 100644
index 00000000000000..f15b43576f2cac
--- /dev/null
+++ b/feature-policy/feature-policy-nested-header-policy-disallowed-for-all.https.sub.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/feature-policy/resources/featurepolicy.js></script>
+  <script>
+  /*
+  fullscreen is disabled at the top-level document, therefore disabled
+  everywhere throughout inheritance.
+  */
+  'use strict';
+  const same_origin = 'https://{{domains[]}}:{{ports[https][0]}}';
+  const cross_origin = 'https://{{domains[www]}}:{{ports[https][0]}}';
+  const same_origin_src = '/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html';
+  const cross_origin_src = cross_origin + same_origin_src;
+  const policies = ['*', '\'self\'', '\'none\''];
+
+  for (var i = 0; i < policies.length; i++) {
+    /* ------------------------------------------
+       |  top-level document                    |
+       |  ------------------------------------  |
+       |  |  same-origin iframe              |  |
+       |  |  ------------------------------  |  |
+       |  |  |  local and remote iframes  |  |  |
+       |  |  ------------------------------  |  |
+       |  ------------------------------------  |
+       ------------------------------------------ */
+    test_subframe_header_policy('fullscreen', policies[i], same_origin_src,
+        {local_all: false, local_self: false, local_none: false,
+        remote_all: false, remote_self: false, remote_none: false},
+        'Test nested header policy with local iframe on policy "fullscreen '
+          + policies[i] + '".');
+
+    /* -------------------------------------------
+       |  top-level document                     |
+       |  -------------------------------------  |
+       |  |  cross-origin iframe              |  |
+       |  |  -------------------------------  |  |
+       |  |  |  local and remote iframes   |  |  |
+       |  |  -------------------------------  |  |
+       |  -------------------------------------  |
+       ------------------------------------------- */
+    test_subframe_header_policy('fullscreen', policies[i], cross_origin_src,
+        {local_all: false, local_self: false, local_none: false,
+        remote_all: false, remote_self: false, remote_none: false},
+        'Test nested header policy with remote iframe on policy "fullscreen '
+          + policies[i] + '".');
+}
+  </script>
+</body>
diff --git a/feature-policy/feature-policy-nested-header-policy-disallowed-for-all.https.sub.html.sub.headers b/feature-policy/feature-policy-nested-header-policy-disallowed-for-all.https.sub.html.sub.headers
new file mode 100644
index 00000000000000..961d40336aeb3e
--- /dev/null
+++ b/feature-policy/feature-policy-nested-header-policy-disallowed-for-all.https.sub.html.sub.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen 'none';
diff --git a/feature-policy/resources/feature-policy-allowedfeatures.html b/feature-policy/resources/feature-policy-allowedfeatures.html
new file mode 100644
index 00000000000000..9cc8e1e33a32d2
--- /dev/null
+++ b/feature-policy/resources/feature-policy-allowedfeatures.html
@@ -0,0 +1,7 @@
+<script>
+'use strict';
+
+window.onload = function() {
+  parent.postMessage(document.policy.allowedFeatures(), '*');
+}
+</script>
diff --git a/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html b/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html
new file mode 100644
index 00000000000000..3d9530c26f668a
--- /dev/null
+++ b/feature-policy/resources/feature-policy-nested-subframe-policy.https.sub.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<body>
+<script>
+'use strict';
+var same_origin_src = '/feature-policy/resources/feature-policy-allowedfeatures.html';
+var cross_origin_src = 'https://{{domains[www1]}}:{{ports[https][0]}}' + same_origin_src;
+var subframe_header_policy = '?pipe=header(Feature-Policy, fullscreen ';
+var policy_all = '*';
+var policy_self = '\'self\'';
+var policy_none = '\'none\'';
+
+let local_frame_all = document.createElement('iframe');
+let local_frame_self = document.createElement('iframe');
+let local_frame_none = document.createElement('iframe');
+local_frame_all.src = same_origin_src + subframe_header_policy + policy_all + ';)';
+local_frame_self.src = same_origin_src + subframe_header_policy + policy_self + ';)';
+local_frame_none.src = same_origin_src + subframe_header_policy + policy_none + ';)';
+
+let remote_frame_all = document.createElement('iframe');
+let remote_frame_self = document.createElement('iframe');
+let remote_frame_none = document.createElement('iframe');
+remote_frame_all.src = cross_origin_src + subframe_header_policy + policy_all + ';)';
+remote_frame_self.src = cross_origin_src + subframe_header_policy + policy_self + ';)';
+remote_frame_none.src = cross_origin_src + subframe_header_policy + policy_none + ';)';
+
+window.addEventListener('message', function(evt) {
+  if (evt.source === local_frame_all.contentWindow) {
+    parent.postMessage({frame: 'local', policy: policy_all, allowedfeatures: evt.data}, '*');
+  } else if (evt.source === local_frame_self.contentWindow) {
+    parent.postMessage({frame: 'local', policy: policy_self, allowedfeatures: evt.data}, '*');
+  } else if (evt.source === local_frame_none.contentWindow) {
+    parent.postMessage({frame: 'local', policy: policy_none, allowedfeatures: evt.data}, '*');
+  } else if (evt.source === remote_frame_all.contentWindow) {
+    parent.postMessage({frame: 'remote', policy: policy_all, allowedfeatures: evt.data}, '*');
+  } else if (evt.source === remote_frame_self.contentWindow) {
+    parent.postMessage({frame: 'remote', policy: policy_self, allowedfeatures: evt.data}, '*');
+  } else if (evt.source === remote_frame_none.contentWindow) {
+    parent.postMessage({frame: 'remote', policy: policy_none, allowedfeatures: evt.data}, '*');
+  }
+});
+
+document.body.appendChild(local_frame_all);
+document.body.appendChild(local_frame_self);
+document.body.appendChild(local_frame_none);
+document.body.appendChild(remote_frame_all);
+document.body.appendChild(remote_frame_self);
+document.body.appendChild(remote_frame_none);
+</script>
+</body>
+
diff --git a/feature-policy/resources/featurepolicy.js b/feature-policy/resources/featurepolicy.js
index b08d560d143e65..925408ea8a4e50 100644
--- a/feature-policy/resources/featurepolicy.js
+++ b/feature-policy/resources/featurepolicy.js
@@ -247,3 +247,139 @@ function run_all_fp_tests_allow_all(
       'Feature policy "' + feature_name +
           '" can be disabled in cross-origin iframes using "allow" attribute.');
 }
+
+// This function tests that a given policy allows each feature for the correct
+// list of origins specified by the |expected_policy|.
+// Arguments:
+//     expected_policy: A list of {feature, allowlist} pairs where the feature is
+//         enabled for every origin in the allowlist, in the |policy|.
+//     policy: Either a document.policy or a iframe.policy to be tested.
+//     message: A short description of what policy is being tested.
+function test_allowlists(expected_policy, policy, message) {
+  for (var allowlist of allowlists) {
+    test(function() {
+      assert_array_equals(
+        policy.getAllowlistForFeature(allowlist.feature),
+        allowlist.allowlist);
+    }, message + ' for feature ' + allowlist.feature);
+  }
+}
+
+// This function tests that a subframe's document policy allows a given feature.
+// A feature is allowed in a frame either through inherited policy or specified
+// by iframe allow attribute.
+// Arguments:
+//     test: test created by testharness. Examples: async_test, promise_test.
+//     feature: feature name that should be allowed in the frame.
+//     src: the URL to load in the frame.
+//     allow: the allow attribute (container policy) of the iframe
+function test_allowed_feature_for_subframe(message, feature, src, allow) {
+  let frame = document.createElement('iframe');
+  if (typeof allow !== 'undefined') {
+    frame.allow = allow;
+  }
+  promise_test(function() {
+    frame.src = src;
+    return new Promise(function(resolve, reject) {
+      window.addEventListener('message', function handler(evt) {
+        resolve(evt.data);
+      }, { once: true });
+      document.body.appendChild(frame);
+    }).then(function(data) {
+      assert_true(data.includes(feature), feature);
+    });
+  }, message);
+}
+
+// This function tests that a subframe's document policy disallows a given
+// feature. A feature is allowed in a frame either through inherited policy or
+// specified by iframe allow attribute.
+// Arguments:
+//     test: test created by testharness. Examples: async_test, promise_test.
+//     feature: feature name that should not be allowed in the frame.
+//     src: the URL to load in the frame.
+//     allow: the allow attribute (container policy) of the iframe
+function test_disallowed_feature_for_subframe(message, feature, src, allow) {
+  let frame = document.createElement('iframe');
+  if (typeof allow !== 'undefined') {
+    frame.allow = allow;
+  }
+  promise_test(function() {
+    frame.src = src;
+    return new Promise(function(resolve, reject) {
+      window.addEventListener('message', function handler(evt) {
+        resolve(evt.data);
+      }, { once: true });
+      document.body.appendChild(frame);
+    }).then(function(data) {
+      assert_false(data.includes(feature), feature);
+    });
+  }, message);
+}
+
+// This function tests that a subframe with header policy defined on a given
+// feature allows and disallows the feature as expected.
+// Arguments:
+//     feature: feature name.
+//     frame_header_policy: either *, 'self' or 'none', defines the frame
+//                          document's header policy on |feature|.
+//     src: the URL to load in the frame.
+//     test_expects: contains 6 expected results of either |feature| is allowed
+//                   or not inside of a local or remote iframe nested inside
+//                   the subframe given the header policy to be either *,
+//                   'slef', or 'none'.
+//     test_name: name of the test.
+function test_subframe_header_policy(
+    feature, frame_header_policy, src, test_expects, test_name) {
+  let frame = document.createElement('iframe');
+  promise_test(function() {
+    frame.src = src + '?pipe=sub|header(Feature-Policy,' + feature + ' '
+        + frame_header_policy + ';)';
+    return new Promise(function(resolve, reject) {
+      let results = [];
+      window.addEventListener('message', function handler(evt) {
+        results.push(evt.data);
+        if (results.length >= 6) {
+          resolve(results);
+        }
+      });
+      document.body.appendChild(frame);
+    }).then(function(results) {
+      for (var j = 0; j < results.length; j++) {
+        var data = results[j];
+
+        function test_result(message, test_expect) {
+          if (test_expect) {
+            assert_true(data.allowedfeatures.includes(feature), message);
+          } else {
+            assert_false(data.allowedfeatures.includes(feature), message);
+          }
+        }
+
+        if (data.frame === 'local') {
+          if (data.policy === '*') {
+            test_result('local_all:', test_expects.local_all);
+          }
+          if (data.policy === '\'self\'') {
+            test_result('local_self:', test_expects.local_self);
+          }
+          if (data.policy === '\'none\'') {
+            test_result('local_none:', test_expects.local_none);
+          }
+        }
+
+        if (data.frame === 'remote') {
+          if (data.policy === '*') {
+            test_result('remote_all:', test_expects.remote_all);
+          }
+          if (data.policy === '\'self\'') {
+            test_result('remote_self:', test_expects.remote_self);
+          }
+          if (data.policy === '\'none\'') {
+            test_result('remote_none:', test_expects.remote_none);
+          }
+        }
+      }
+    });
+  }, test_name);
+}