diff --git a/www/.htaccess b/www/.htaccess
index 470f8cf..7161fb2 100644
--- a/www/.htaccess
+++ b/www/.htaccess
@@ -18,6 +18,8 @@
 		Header always set Referrer-Policy "no-referrer-when-downgrade"
 		# Strict-Transport-Security
 		Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+		# Cross-Origin-Opener-Policy
+		Header always set Cross-Origin-Opener-Policy "same-origin"
 		# Content-Security-Policy
 		Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.pingdom.net https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdn.joomla.org https://fonts.googleapis.com; connect-src 'self' https://*.pingdom.net https://*.google-analytics.com https://*.doubleclick.net; frame-src 'self' https://*.googletagmanager.com; font-src 'self' https://cdn.joomla.org https://fonts.gstatic.com; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net; report-uri https://joomla.report-uri.com/r/t/csp/enforce"
 	</IfModule>