1. headers http header: cross-origin-embedder-policy

  2. headers http header: cross-origin-embedder-policy: credentialless