Window: crossOriginIsolated property - Web APIs

Window: crossOriginIsolated property - Web APIs | MDN

Value

A boolean value.

Examples

Cross-origin isolating a document

To cross-origin isolate a document:

Set the Cross-Origin-Opener-Policy HTTP header to same-origin:
http
```
Cross-Origin-Opener-Policy: same-origin
```

Set the Cross-Origin-Embedder-Policy HTTP header to require-corp or credentialless:

http

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Embedder-Policy: credentialless

The cross-origin-isolated directive of the Permissions-Policy header must not block access to the feature. Note that the default allowlist of the directive is self, so the permission will be granted by default to cross-origin isolated documents.

Checking if the document is cross-origin isolated

const myWorker = new Worker("worker.js");

if (window.crossOriginIsolated) {
  const buffer = new SharedArrayBuffer(16);
  myWorker.postMessage(buffer);
} else {
  const buffer = new ArrayBuffer(16);
  myWorker.postMessage(buffer);
}

Specifications

Specification
HTML # dom-crossoriginisolated-dev

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on Mar 13, 2025 by MDN contributors.