@@ -464,6 +464,30 @@ standard_headers! {
464464 /// the browser are set to block them, for example.
465465 ( Cookie , COOKIE , b"cookie" ) ;
466466
467+ /// Allows a server to declare an embedder policy for a given document.
468+ ///
469+ /// The HTTP `Cross-Origin-Embedder-Policy` (COEP) response header prevents
470+ /// a document from loading any cross-origin resources that don't
471+ /// explicitly grant the document permission (using CORP or CORS).
472+ ( CrossOriginEmbedderPolicy , CROSS_ORIGIN_EMBEDDER_POLICY , b"cross-origin-embedder-policy" ) ;
473+
474+ /// Prevents other domains from opening/controlling a window.
475+ ///
476+ /// The HTTP `Cross-Origin-Opener-Policy` (COOP) response header allows you
477+ /// to ensure a top-level document does not share a browsing context group
478+ /// with cross-origin documents.
479+ ///
480+ /// COOP will process-isolate your document and potential attackers can't
481+ /// access your global object if they were to open it in a popup,
482+ /// preventing a set of cross-origin attacks dubbed XS-Leaks.
483+ ///
484+ /// If a cross-origin document with COOP is opened in a new window, the
485+ /// opening document will not have a reference to it, and the
486+ /// `window.opener` property of the new window will be `null`. This allows
487+ /// you to have more control over references to a window than
488+ /// `rel=noopener`, which only affects outgoing navigations.
489+ ( CrossOriginOpenerPolicy , CROSS_ORIGIN_OPENER_POLICY , b"cross-origin-opener-policy" ) ;
490+
467491 /// Indicates the client's tracking preference.
468492 ///
469493 /// This header lets users indicate whether they would prefer privacy rather
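Review bot: The doc comment added for `CrossOriginOpenerPolicy` states its protections as unconditional ("COOP will process-isolate your document", "preventing a set of cross-origin attacks dubbed XS-Leaks"), but the effect depends on the value sent and on the browser: the default `unsafe-none` changes nothing, and only leaks that rely on a window reference are covered. I would replace that paragraph with `/// With the value same-origin, COOP puts the document in its own browsing context group, so a cross-origin opener keeps no reference to it; this mitigates the XS-Leaks that rely on such a reference.` The COEP comment has the same gap, and a line such as `/// Only takes effect with require-corp or credentialless; the default unsafe-none enforces nothing.` would keep a reader from treating the header name alone as a control. The `standard_headers!` invocation starts and ends outside the hunk, so whether `Cross-Origin-Resource-Policy` (the CORP that the COEP text refers to) is already defined cannot be checked from here.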