Use the new Cross-Origin-* headers

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Label this issue
Close this issue

There are new headers to increase security in cross-origin contexts.

Cross Origin Embedder Policy (COEB)
Cross Origin Opener Policy (COOP)
Cross Origin Resource Policy (CORP)
Cross Origin Read Blocking (CORB)

This is in addition to Cross Origin Resource Sharing (CORS) headers that we already use.

Additional reading:

https://scotthelme.co.uk/coop-and-coep/
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html

I will refine this issue's description when work starts on it and we have a clearer idea of what the implementation and the specific headers to be used actually looks like.

Edited Jul 14, 2025 by 🤖 GitLab Bot 🤖