d6fd0df002
Hint to browsers that we prefer per-origin process isolation. This disables certain unsafe features regarding cross-origin same-site resource sharing. https://web.dev/origin-agent-cluster/#limitations Specification link: https://html.spec.whatwg.org/multipage/origin.html#origin-keyed-agent-clusters This is just a hint to browsers. Depending on resource availability, they may or may not actually allocate a process. For this reason, it's not a robust security feature although it is preferable. This header needs to be active on all pages from an origin for it to work.