1. headers http header: cross-origin-embedder-policy