28
667
3,127
Conversation
This Tweet was deleted by the Tweet author. Learn more
Replying to
There's now Cross-Origin-Resource-Policy: same-origin for restricting non-CORP requests like <img> and Cross-Origin-Embedder-Policy: require-corp.
Enabling and Cross-Origin-Embedder-Policy: require-corp and Cross-Origin-Opener-Policy: same-origin provides cross-origin isolation.
