Use the new Cross-Origin-* headers
There are new headers to increase security in cross-origin contexts.
- Cross Origin Embedder Policy (COEP)
- Cross Origin Opener Policy (COOP)
- Cross Origin Resource Policy (CORP)
- Cross Origin Read Blocking (CORB)
This is in addition to Cross Origin Resource Sharing (CORS) headers that we already use.
Additional reading:
- https://scotthelme.co.uk/coop-and-coep/
- https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
I will refine this issue's description when work starts on it and we have a clearer idea of what the implementation and the specific headers to be used actually look like.