crossOriginIsolated global property

The global crossOriginIsolated read-only property returns a boolean value that indicates whether the website is in a cross-origin isolation state. That state mitigates the risk of side-channel attacks and unlocks a few capabilities:

• SharedArrayBuffer can be created and sent via a Window.postMessage() call.
• Performance.now() offers better precision.
• Performance.measureUserAgentSpecificMemory() can be accessed.

A website is in a cross-origin isolated state, when the response header Cross-Origin-Opener-Policy has the value same-origin and the Cross-Origin-Embedder-Policy header has the value require-corp or credentialless .

Value

Examples

const myWorker = new Worker("worker.js");
if (crossOriginIsolated) {
  const buffer = new SharedArrayBuffer(16);
  myWorker.postMessage(buffer);
} else {
  const buffer = new ArrayBuffer(16);
  myWorker.postMessage(buffer);
Specifications
Specification
HTML Standard 
# dom-crossoriginisolated-dev
Browser compatibility
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.

https://developer.mozilla.org/en-US/docs/Web/API/crossOriginIsolated