Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.
COOP will process-isolate your document and potential attackers can't access your global object if they were to open it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks.
If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the
window.opener property of the new window will be
null. This allows you to have more control over references to a window than
rel=noopener, which only affects outgoing navigations.