Missing cross-origin embedder policy (COEP) #1252
Open
Description
The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading
any cross-origin resources that don't explicitly grant permission to the document; permissions are
granted using a Cross-Origin Resource Policy (CORP) or Cross-Origin Resource Sharing (CORS).
Recommendation:
Set Cross-Origin-Embedder-Policy: require-corp on all responses where it will not interfere with
necessary operation. If a cross-origin resource needs to be loaded, ensure that it supports CORS and
explicitly mark the resource as loadable from another origin to avoid blockage from COEP.
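A pre-rollout check for the recommendation above, written as an added example that is not part of the issue or the project's code: it predicts which subresources a page would lose once it sends Cross-Origin-Embedder-Policy: require-corp. The function names, hosts and sample responses are constructed assumptions, CORS requests are assumed to be anonymous, and a `same-site` CORP value is flagged for manual review instead of being resolved.

```javascript
// Case-insensitive header lookup; returns null when the header is absent.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]).trim();
}

// Verdict for one subresource when the embedding document sends
// Cross-Origin-Embedder-Policy: require-corp.
// mode: "cors" (fetch(), fonts, <img crossorigin>) or "no-cors" (plain <img>, <script>).
function coepVerdict(documentUrl, res) {
  const docOrigin = new URL(documentUrl).origin;
  if (new URL(res.url).origin === docOrigin) return "allowed: same-origin";

  if (res.mode === "cors") {
    // Anonymous CORS request assumed: ACAO must be "*" or the document origin.
    const acao = header(res.headers, "access-control-allow-origin");
    return acao === "*" || acao === docOrigin
      ? "allowed: CORS"
      : "blocked: CORS check fails";
  }

  // no-cors request: under require-corp a missing or unrecognised CORP value
  // is treated as same-origin, so a cross-origin load is blocked.
  const corp = header(res.headers, "cross-origin-resource-policy");
  if (corp === "cross-origin") return "allowed: CORP cross-origin";
  if (corp === "same-site") return "review: allowed only if both origins are same-site";
  return "blocked: CORP missing or not cross-origin";
}

function auditPage(documentUrl, resources) {
  return resources.map((r) => ({ url: r.url, verdict: coepVerdict(documentUrl, r) }));
}

// Constructed sample data (example hosts, not taken from the issue).
const SAMPLE = [
  { url: "https://app.example/static/app.js", mode: "no-cors", headers: {} },
  { url: "https://cdn.example/lib.js", mode: "no-cors", headers: {} },
  { url: "https://cdn.example/font.woff2", mode: "cors",
    headers: { "Access-Control-Allow-Origin": "*" } },
  { url: "https://img.example/logo.png", mode: "no-cors",
    headers: { "Cross-Origin-Resource-Policy": "cross-origin" } },
  { url: "https://api.example/data", mode: "cors", headers: {} },
];
const REPORT = auditPage("https://app.example/index.html", SAMPLE);
console.table(REPORT);
```

Entries reported as blocked are the resources that need a CORP or CORS header added on the serving side before the policy is enabled.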