webappsec

Cross-Origin Opener Policy (COOP)

Cross Origin Opener Policy (COOP) is an isolation mechanism that can be used to protect a site’s top level window object from third-party sites. This defends against Tabnabbing and many XS-Leaks. COOP can also be combined with COEP in order to achieve process-isolation and access additional powerful web APIs. See this web.dev article for more background information and an introduction to defending your site with COOP.

Table of Contents