Thanks for reaching out!
Paraphrasing:
featurePolicy.features() is the list of feature policies allowed by the browser regardless of whether they are in force.
featurePolicy.allowedFeatures() are the features that are allows in a given document. The conversion-measurement feature policy (which has been renamed to attribution-reporting in Chrome 92+) is allowed by default in the top-level document, and all same-origin iframes. But disallowed in cross-origin iframes.
So as an example:
If I am on page 'news.example', and I have two iframes, iframe A whose src is 'news.example/embed' and iframe B whose src is 'thirdparty.example':
'conversion-measurement' will be allowed in the top page and in iframe A. But will be disabled in iframe B. In order to enable in iframe B, you will need to set an 'allow="conversion-measurement"' attribute on the iframe.
It's also possible for a page to disable a feature policy via an HTTP header, in which case it will be present in features() but not present in allowedFeatures().
I will add a caveat that this behavior is more complicated when combined with origin trials. While the API is in Origin Trial, you will need to embed an Origin Trial token in order for the "conversion-measurement" feature to appear in featurePolicy.features() to begin with. There is more info on running an Origin Trial here:
https://web.dev/using-conversion-measurement/
Similarly, Origin Trials need to be enabled in every iframe that use the feature as well as the top-level page.
I realize that's a lot of info, so feel free to let me know if anything was confusing or if I missed anything.
Thanks again!