A couple of months ago I talked about a few new features coming to a browser near you that included both COOP and COEP. With the latest version of Chrome released, we now have support via the Reporting API to receive reports for these new features and we're launching support on Report URI today!


For the full details on Cross-Origin Opener Policy and Cross-Origin Embedder Policy, you should read my previous blog post COEP COOP CORP CORS CORB - CRAP that's a lot of new stuff! Both of these new features provide desirable security benefits and the support for reporting allows quick and easy testing before looking to deploy them safely.

Reporting Enabled

This blog post is to announce that these reporting features on Report URI are now out of beta and are available to everyone after being tested for the last few weeks!

As with all other types of report, these new reports are included in your plan (free or paid) and simply count towards your quota as any other report would, if you choose to use them. For previous versions of Chrome to send these reports you had to manually enable the feature in the browser but it is now enabled in all browsers as of Chrome v89 which is why we're ready to launch support on Report URI. You should now receive reports from all of your visitors that have updated their browser which will make testing these new features much easier!

Enabling COOP and COEP

See the above linked blog post for details on how to get started with COOP and COEP, which both have a Report-Only mode the same as that found in CSP to allow for safe testing before enforcing a policy. You can also use Security Headers to scan your site and check your configuration for any problems!

If you have any feedback or questions please feel free to drop by the comments secti0n below or find my contact details available at the top of the page.