Explain
COEP (Cross-Origin-Embedder-Policy)
Controls which cross-origin resources can be loaded by requiring CORP/CORS compliance (often used for cross-origin isolation).
InfoCategory: headers
What it is
COEP tells the browser to block cross-origin resources unless they explicitly grant permission via CORS or CORP.
Common values
- require-corp (most common)
- credentialless (advanced)
Impact
- Can break third-party embeds/resources if they don’t send the right CORS/CORP headers.
- Often paired with COOP to achieve cross-origin isolation.
Related guides