HTTP security header
Cross-Origin-Opener-Policy
Cross-Origin-Opener-Policy (COOP) severs the relationship between a document and cross-origin windows that open or are opened by it, preventing cross-origin attacks that rely on shared browsing contexts and enabling cross-origin isolation for powerful features.
Example
Cross-Origin-Opener-Policy: same-originConfiguration guidance
- Set same-origin to isolate the browsing context.
- Required, with COEP, for cross-origin isolation.
Related headers
Impactr checks security-header configuration as part of testing your web apps and APIs the way an attacker would - and proves what a missing header actually exposes.
Test my app