Cross Origin Policies are special http security headers that define what information can be shared between different sources. Limiting the sharing of information between sources is called Cross-origin Isolation. Cross-origin headers were created to instruct browsers and webservers on how to handle information sharing between different resources. These different sources can be different webservers, processes or different documents or pages in a web browser. This means that when Cross-origin Isolation is active, exchanging information with other sources, is limited by the Cross-origin headers.
The different Cross-Origin headers supported by Really Simple SSL are:
- CORP: Cross-Origin Resource Policy
- COEP: Cross-Origin Embedder Policy
- COOP: Cross-Origin Opener Policy
In this article, we provide instructions for setting the Cross-origin security headers,
To close the Spectre vulnerability, some features were removed from browsers. If your site uses an API which uses for example the sharedArrayBuffer() or high precision timer functionality, Cross-origin Isolation is required to unlock these features. This can be achieved with a combination of Cross-origin Headers. This is not possible for all configurations, but adding the right Cross-origin headers may improve your website’s security.