Cross-Origin-Embedder-Policy - HTTP
the http cross-origin-embedder-policy (coep) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using corp or cors).
... if a cross origin resource supports cors, the crossorigin attribute or the cross-origin-resource-policy header must be used to load it without being blocked by coep.
... examples certain features depend on cross-origin isolation you can only access certain features like sharedarraybuffer objects or performance.now() with unthrottled timers, if your document has a coep header with the value require-corp value set.
... to check if cross origin isolation has been successful, you can test against the crossoriginisolated property available to window and worker contexts: if (crossoriginisolated) { // post sharedarraybuffer } else { // do something else } avoiding coep blockage with cors if you enable coep using require-corp and have a cross origin resource that needs to be loaded, it needs to support cors and you need to explicitly mark the resource as loadable from another origin to avoid blockage from coep.

HTTP headers - HTTP
security cross-origin-embedder-policy (coep) allows a server to declare an embedder policy for a given document.

Planned changes to shared memory - JavaScript
further reading coop and coep explained.