
What is the difference between using Cross-Origin-Opener-Policy and rel="noopener noreferrer"?


The Cross-Origin-Opener-Policy header seems to be quite similar to what the rel="noopener noreferrer" attribute does when opening a document in a new tab (target="_blank").

When should I use which one? It seems the COOP header is applicable when I link between origins while the rel="noopener noreferrer" attribute (on anchor tags) seems to work on the same origin as well.

The COOP header also doesn't work over HTTP.

Should I use both? They seem to be quite complementary.

I am a bit confused here.


Solution

  • As much as I understand:

    COOP will allow you to block access to your window object if someone opens your window from their window, while noreferrer / noopener is for when you don't want the windows that you open as children to have access to your window object.

    • COOP blocks window access when your window is opened as a child
    • noreferrer / noopener blocks window access when your window is the parent
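
The two directions described in the answer can be checked separately on any response you serve. The following is an added example, not part of the original answer: a small Node.js audit that reports whether a page is protected when it is opened (COOP header, HTTPS only) and which of its target="_blank" links do not state noopener or noreferrer. The function names, the `res` object shape and the sample response are assumptions made for illustration.

```javascript
// Added example, not from the original answer; names are hypothetical.
// COOP values that cut a cross-origin opener off from this page.
const ISOLATING_COOP = new Set(['same-origin', 'same-origin-allow-popups']);

// Direction 1: this page is the one being opened (checked on its response).
function coopProtectsPage(url, headers) {
  // Browsers ignore COOP outside secure contexts; simplified here to https.
  if (new URL(url).protocol !== 'https:') return false;
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'cross-origin-opener-policy');
  if (!entry) return false;
  // Drop parameters such as report-to before comparing the policy token.
  const value = String(entry[1]).split(';')[0].trim().toLowerCase();
  return ISOLATING_COOP.has(value);
}

// Direction 2: this page opens others. Rough regex scan of target="_blank" links.
function linksLeakingOpener(html) {
  const leaking = [];
  for (const [tag] of html.matchAll(/<a\s[^>]*>/gi)) {
    const attr = (name) => {
      const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, 'i'));
      return m ? m[1] : null;
    };
    if ((attr('target') || '').toLowerCase() !== '_blank') continue;
    const rel = (attr('rel') || '').toLowerCase().split(/\s+/);
    // noreferrer implies noopener, so either token is enough.
    if (!rel.includes('noopener') && !rel.includes('noreferrer')) {
      leaking.push(attr('href'));
    }
  }
  return leaking;
}

function auditResponse(res) {
  return {
    protectedWhenOpened: coopProtectsPage(res.url, res.headers),
    linksLeakingOpener: linksLeakingOpener(res.body),
  };
}

// Constructed sample response.
const sample = {
  url: 'https://app.example/',
  headers: { 'Cross-Origin-Opener-Policy': 'same-origin' },
  body: '<a href="https://a.example/" target="_blank">A</a>' +
    '<a href="https://b.example/" target="_blank" rel="noopener noreferrer">B</a>',
};
console.log(auditResponse(sample));
```

Current browsers already treat target="_blank" as noopener by default, so a flagged link is one that relies on that default instead of stating it.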