🔒 Cross-Origin Isolation Tester

Test COOP, COEP, CORP, and Document-Isolation-Policy

This Page's Status

crossOriginIsolated

Checking...

SharedArrayBuffer

Checking...

Cross-Origin-Opener-Policy (COOP) Cross-Origin-Embedder-Policy (COEP) Cross-Origin-Resource-Policy (CORP) Document-Isolation-Policy (DIP) Chrome 125+

Goal: Get crossOriginIsolated: true inside a cross-origin iframe

Target Origin Target Iframe Headers

COOP

COEP

DIP Chrome 125+

Iframe Attributes

credentialless allow="cross-origin-isolated"

Configure options above and click "Test Iframe"

Test fetching a cross-origin resource with different headers

Target URL Target Resource Headers

CORP

Access-Control-Allow-Origin

Fetch Options

Mode

Credentials

Configure options above and click "Test Fetch"

Test postMessage flows like Perfetto's embed API:

Open PostMessage Tester →

Tests iframe, popup, and openee message flows with PING/PONG, trace buffers, and scroll-to-range commands.

For top-level page isolation:

COOP: same-origin + COEP: require-corp

For iframe isolation (Chrome 125+):

Document-Isolation-Policy: isolate-and-require-corp
DIP works in iframes; COOP only works at top-level

To be embeddable when parent has COEP:

CORP: cross-origin