what permissions are you talking about? No user permissions/any insecure permissions are needed to navigate cross origin iframes, shadow DOMs and likewise. It comes down to your architecture choices and capabilities - rtrvr can navigate these diff realms without ever taking debugger or such insecure permissions