Cross-Origin-Embedder-Policy (COEP) is a response header that lets a
page opt in to more restrictive handling. The Google Publisher Tag
(GPT) does not yet support pages served with this restriction;
thus, we recommend publishers affected by Chrome's
SharedArrayBuffer deprecation opt their site out by
applying for the reverse Origin Trial until Chrome
supports combining COEP with ads.
How do I know if my site is affected?
Chrome has documentation describing how to use Chrome DevTools
to determine whether your site uses SharedArrayBuffer. If DevTools tells you
that the use of SharedArrayBuffer is in a third-party script, inquire from the
vendor whether SharedArrayBuffer is required for the script's operation.
Why am I seeing a SharedArrayBuffer deprecation warning in desktop Chrome?
Because SharedArrayBuffer can be used to create a high resolution timer, it
can make Spectre-style attacks more efficient. Browsers are limiting
its use to pages that opt in to COEP. That limitation is already in place for
Firefox and Android Chrome, and
Desktop Chrome will be applying it in version 92.
Why doesn't GPT support COEP yet?
Displaying ads requires embedding cross-origin content, and COEP requires that content to explicitly opt in to cross-origin embedding. This requires changes to every resource in every ad, both ones served by Google and ones served by third parties. We are working with Chrome on changes to allow COEP sites to include ads without requiring such extensive changes.
What are my options?
If your site requires SharedArrayBuffer, Chrome is offering a per-site opt-out
through a reverse Origin Trial, which allows use of
SharedArrayBuffer in Chrome 92 and later. Chrome plans to continue
supporting this opt-out until support for embedding
unmodified third-party content is released. At that point we indend to ensure
GPT supports COEP pages.