Developers using COEP can now embed third party iframes that do not use COEP themselves. Why we need COEP Some web APIs increase the risk of side-channel attacks such as Spectre. To mitigate that risk, browsers offer an opt-in-based isolated environment called cross-origin isolation, which, among other things, requires deploying COEP. This allows websites to use privileged features including Share