Enforce Process Isolation
for your origin

Enable powerful browser APIs and defend against attacks

Cross-Origin Opener Policy

  • Keep visitor data safe by process-isolating your origin
  • Mitigation for dangerous attacks like Spectre
  • Enable powerful APIs like SharedArrayBuffer and
  • A required step towards Cross-Origin Read Blocking

Easy Setup

COOP is enabled with a single HTTP Response Header, requiring only a single line of code or config.

There is a safe test mode for COOP, meaning you can gather feedback about the impact on your site without any risk.

Multipurpose Feature

Cross-Origin Opener Policy allows you to mitigate dangerous attacks and have access to powerful browser APIs that require COOP to be enabled.

You can choose to use COOP for either of these reasons and still gain the advantages of both.

Related Features

Alongside enabling Cross-Origin Opener Policy, you should also consider Cross-Origin Embedder Policy.

COEP Reports

Require all assets are loaded with CORS or CORP enabled.

COEP Reports