Conversation

Daniel Micay
@DanielMicay
Replying to
@DanielMicay
@internet_nl
and
@ncsc_nl
Suggestion: encourage sites to defend against Spectre and other client-side vulnerabilities via cross-origin isolation: Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Nice posts about it at web.dev/coop-coep/ and web.dev/cross-origin-i.
web.dev
A guide to enable cross-origin isolation
Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer. This article explains how to enable cross-origin isolation on your website.
1
2