Open jamie-taylor-rjj opened 1 year ago
The HTTP Cross-Origin-Embedder-Policy (COEP) response header configures embedding cross-origin resources into the document.
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
OWASP recommended value (as of May 11th, 2023): Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Embedder-Policy: require-corp
This value means that "A document can only load resources from the same origin, or resources explicitly marked as loadable from another origin."
10k ft View
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
OWASP recommended value (as of May 11th, 2023):
Cross-Origin-Embedder-Policy: require-corpThis value means that "A document can only load resources from the same origin, or resources explicitly marked as loadable from another origin."
Resources