Cross‑Origin Embedder Policy (COEP)

Response header requiring cross‑origin resources to opt‑in to being embedded, enabling powerful APIs with isolation.

#web#security#headers

Last updated: 2025-09-07T00:00:00.000Z

Evidence

OTHER HTML/FETCH — Cross‑Origin Embedder Policy Normative evidence
html.spec.whatwg.org

More context

COEP requires CORP or CORS on embedded resources, supporting cross‑origin isolation.