From a7e54359cadab65bdf5d32c6ff100d85585c9851 Mon Sep 17 00:00:00 2001
From: clamy <clamy@chromium.org>
Date: Wed, 10 Jun 2020 16:09:39 +0200
Subject: [PATCH] Add cross-origin oepner policy reporting API

---
 source | 693 +++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 551 insertions(+), 142 deletions(-)

diff --git a/source b/source
index 3b070332c62..5294194a5b6 100644
--- a/source
+++ b/source
@@ -3943,6 +3943,18 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     <ul class="brief">
      <li>`<dfn data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#http-headerdef-cross-origin-embedder-policy"><code>Cross-Origin-Embedder-Policy</code></dfn>` header</li>
      <li><dfn data-x="obtain-cross-origin-embedder-policy" data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#abstract-opdef-obtain-a-responses-embedder-policy">obtain a response's embedder policy</dfn></li>
+     <li><dfn data-x="cross-origin-embedder-policy-value" data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#embedder-policy-value">embedder policy value</dfn></li>
+     <li><dfn data-x="cross-origin-embedder-policy-report-only-value" data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#embedder-policy-report-onlyvalue">embedder policy report only value</dfn></li>
+    </ul>
+   </dd>
+
+   <dt>Reporting</dt>
+
+   <dd>
+    <p>The following feature is defined in <cite>Reporting API</cite>: <ref spec=REPORTING></p>
+
+    <ul class="brief">
+     <li><dfn data-x="queue-report" data-x-href="https://w3c.github.io/reporting/#queue-report">queue report data as type for destination</dfn></li>
     </ul>
    </dd>
 
@@ -9040,8 +9052,7 @@ partial interface <dfn id="document" data-lt="">Document</dfn> {
   which is a <span>module map</span>, initially empty.</p>
 
   <p>The <code>Document</code> has a <dfn data-x="concept-document-coop">cross-origin opener
-  policy</dfn>, which is a <span>cross-origin opener policy</span>, initially "<code
-  data-x="coop-unsafe-none">unsafe-none</code>".</p>
+  policy</dfn>, which is a <span>cross-origin opener policy</span>.</p>
 
   <h4>The <code>DocumentOrShadowRoot</code> interface</h4>
 
@@ -76652,6 +76663,15 @@ popup4.close();</code></pre></div>
    <span>active document</span>'s <span data-x="concept-document-coop">cross-origin opener
    policy</span>.</p></li>
 
+   <li><p>Let <var>coop</var> be a new <span>cross-origin opener policy</span>.</p></li>
+
+   <li><p>If <var>creator</var> is non-null and <var>creator</var>'s <span>origin</span> is
+   <span>same origin</span> with <var>creator</var>'s <span>relevant settings object</span>'s
+   <span>top-level origin</span>, then set <var>coop</var> to <var>creator</var>'s <span
+   data-x="concept-document-bc">browsing context</span>'s <span>top-level browsing context</span>'s
+   <span>active document</span>'s <span data-x="concept-document-coop">cross-origin opener
+   policy</span>.</p></li>
+
    <li><p>Let <var>document</var> be a new <code>Document</code>, marked as an <span data-x="HTML
    documents">HTML document</span> in <span>quirks mode</span>, whose <span
    data-x="concept-document-content-type">content type</span> is "<code data-x="">text/html</code>",
@@ -77511,10 +77531,10 @@ console.assert(iframeWindow.frameElement === null);
      <dd>
       <ol>
        <li>
-        <p>If <var>current</var>'s <span>top-level browsing context</span>'s <span>active
-        document</span>'s <span data-x="concept-document-coop">cross-origin opener policy</span> is
-        "<code data-x="coop-same-origin">same-origin</code>" or "<code
-        data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>", then:</p>
+	      <p>If <var>current</var>'s <span>top-level browsing context</span>'s <span>active
+        document</span>'s <span data-x="concept-document-coop">cross-origin opener policy</span>'s
+        <span data-x="coop-struct-value">value</span> is "<code data-x="">same-origin</code>" or
+        "<code data-x="">same-origin-plus-COEP</code>", then:</p>
 
         <ol>
          <li><p>Let <var>currentDocument</var> be <var>current</var>'s <span>active
@@ -79968,10 +79988,30 @@ interface <dfn>BarProp</dfn> {
 
   <h3>Cross-origin opener policies</h3>
 
+  <h4>Cross-origin opener policy</h4>
+
   <p>A <dfn>cross-origin opener policy</dfn> allows a document which is navigated to in a
   <span>top-level browsing context</span> to force the creation of a new <span>top-level browsing
-  context</span>, and a corresponding <span data-x="tlbc group">group</span>. It has one of the
-  following values:</p>
+  context</span>, and a corresponding <span data-x="tlbc group">group</span>. The <span>cross-origin
+  opener policy</span> consists of:</p>
+
+  <ol>
+   <li><p>A <span data-x="cross-origin opener policy value">cross-origin opener policy value</span>
+   (<dfn data-x="coop-struct-value">value</dfn>), initially "<code data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>A string or <code data-x="">null</code> (<dfn data-x="coop-struct-report-endpoint">reporting
+   endpoint</dfn>), initially <code data-x="">null</code>.</p></li>
+
+   <li><p>A <span data-x="cross-origin opener policy value">cross-origin opener policy value</span>
+   (<dfn data-x="coop-struct-report-only-value">report only value</dfn>), initially "<code
+   data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>A string or <code data-x="">null</code> (<dfn
+   data-x="coop-struct-report-only-endpoint">report only reporting endpoint</dfn>), initially <code
+   data-x="">null</code>.</p></li>
+  </ol>
+
+  <p>The <dfn>cross-origin opener policy value</dfn> consists of the following:</p>
 
   <dl>
    <dt>"<dfn><code data-x="coop-unsafe-none">unsafe-none</code></dfn>"</dt>
@@ -80008,10 +80048,10 @@ interface <dfn>BarProp</dfn> {
    </dd>
   </dl>
 
-  <p>To <dfn data-x="matching-coop">match cross-origin opener policies</dfn>, given a
-  <span>cross-origin opener policy</span> <var>A</var>, an <span>origin</span> <var>originA</var>, a
-  <span>cross-origin opener policy</span> <var>B</var>, and an <span>origin</span>
-  <var>originB</var>:</p>
+  <p>To <dfn data-x="matching-coop">match cross-origin opener policy values</dfn>, given a <span
+  data-x="coop-struct-value">cross-origin opener policy value</span> <var>A</var>, an
+  <span>origin</span> <var>originA</var>, a <span data-x="coop-struct-value">>cross-origin opener
+  policy value</span> <var>B</var>, and an <span>origin</span> <var>originB</var>:</p>
 
   <ol>
    <li><p>If <var>A</var> is "<code data-x="coop-unsafe-none">unsafe-none</code>" and <var>B</var>
@@ -80026,13 +80066,15 @@ interface <dfn>BarProp</dfn> {
    <li><p>Return false.</p></li>
   </ol>
 
-  <h4>Cross-Origin-Opener-Policy header</h4>
+  <h4>Cross-Origin-Opener-Policy headers</h4>
 
   <p>A <code>Document</code>'s <span data-x="concept-document-coop">cross-origin opener
   policy</span> is derived from the `<code
-  data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</code>` HTTP response header.
-  This header is a <span data-x="http-structured-header">structured header</span> whose value must
-  be a <span data-x="http-structured-header-token">token</span>. <ref spec=STRUCTURED-HEADERS></p>
+  data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</code>`  and the `<code
+  data-x="http-cross-origin-opener-policy-report-only">Cross-Origin-Opener-Policy-Report-Only</code>`
+  HTTP response headers. These headers are <span data-x="http-structured-header">structured
+  headers</span> whose value must be a <span data-x="http-structured-header-token">token</span>.
+  <ref spec=STRUCTURED-HEADERS></p>
 
   <p>The valid <span data-x="http-structured-header-token">token</span> values are "<code
   data-x="coop-unsafe-none">unsafe-none</code>", "<code
@@ -80049,13 +80091,15 @@ interface <dfn>BarProp</dfn> {
   data-x="concept-response">response</span> <var>response</var>:</p>
 
   <ol>
+   <li><p>Let <var>policy</var> be a new <span>cross-origin opener policy</span>.</p></li>
+
    <li><p>Let <var>securityState</var> be the result of executing <span>Is url potentially
    trustworthy?</span> on <var>response</var>'s <span
    data-x="concept-response-url">url</span>.</p></li>
    <!-- See https://github.com/whatwg/html/issues/5558 about refactoring this. -->
 
    <li><p>If <var>securityState</var> is "<code data-x="">Not Trustworthy</code>", then return
-   "<code data-x="coop-unsafe-none">unsafe-none</code>".</p> </li>
+   <var>policy</var>.</p> </li>
 
    <li><p>Let <var>value</var> be the result of <span
    data-x="concept-response-header-list-get-structured-header">getting a structured header</span>
@@ -80063,40 +80107,196 @@ interface <dfn>BarProp</dfn> {
    "<code data-x="">item</code>" from <var>response</var>'s <span
    data-x="concept-response-header-list">header list</span>.</p></li>
 
-   <li><p>If <var>value</var> is failure or null, then return "<code
-   data-x="coop-unsafe-none">unsafe-none</code>".</p></li>
+   <li>
+    <p>If <var>value</var> is not <code data-x="">failure</code> and is not <code
+    data-x="">null</code>, then:</p>
+
+    <ol>
+     <li>
+      <p>If <var>value</var> bare item is "<code data-x="">same-origin</code>", then:</p>
 
-   <li><p>If <var>value</var>[0] is not "<code data-x="coop-same-origin">same-origin</code>" or
-   "<code data-x="coop-same-origin-allow-popups">same-origin-allow-popups</code>", then return
-   "<code data-x="coop-unsafe-none">unsafe-none</code>".</p></li>
+      <ol>
+       <li><p>Let <var>coep</var> be the result of <span
+       data-x="obtain-cross-origin-embedder-policy">obtaining a cross-origin embedder
+       policy</span> from <var>response</var>.</p></li>
 
-   <li>
-    <p>If <var>value</var>[0] is "<code data-x="coop-same-origin">same-origin</code>", then:</p>
+       <li><p>If <var>coep</var>'s <span data-x="cross-origin-embedder-policy-value">value</span> is
+       "<code data-x="">require-corp</code>", then set <var>policy</var> <span
+       data-x="coop-struct-value">value</span> to "<code
+       data-x="">same-origin-plus-COEP</code>".</p></li>
+
+       <li><p>Else, set <var>policy</var> <span data-x="coop-struct-value">value</span> to "<code
+       data-x="">same-origin</code>".</p></li>
+      </ol>
+     </li>
+
+     <li><p>If <var>value</var> bare item is "<code data-x="">same-origin-allow-popups</code>",
+     then set <var>policy</var> <span data-x="coop-struct-value">value</span> to "<code
+     data-x="">same-origin-allow-popups</code>".</p></li>
+
+     <li><p>If <var>value</var>'s parameters["report-to"] <span data-x="map
+     exists">exists</span> and it is a string, then set <span
+     data-x="coop-struct-report-endpoint">reporting endpoint</span> to
+     <var>value</var>'s parameters["report-to"].</p></li>
+    </ol>
+   </li>
+
+   <li><p>Let <var>reportOnlyValue</var> be the result of <span
+   data-x="concept-response-header-list-get-structured-header">getting a structured header</span>
+   given `<code data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy-Report-Only</code>` and
+   "<code data-x="">item</code>" from <var>response</var>'s <span
+   data-x="concept-response-header-list">header list</span>.</p></li>
 
+   <li>
+    <p>If <var>reportOnlyValue</var> is not <code data-x="">failure</code> and is not <code
+    data-x="">null</code>, then:</p>
     <ol>
-     <li><p>Let <var>coep</var> be the result of <span
-     data-x="obtain-cross-origin-embedder-policy">obtaining a cross-origin embedder
-     policy</span> from <var>response</var>.</p></li>
+     <li>
+      <p>If <var>reportOnlyValue</var> bare item is "<code data-x="">same-origin</code>", then:</p>
+
+      <ol>
+       <li><p>Let <var>coep</var> be the result of <span
+       data-x="obtain-cross-origin-embedder-policy">obtaining a cross-origin embedder
+       policy</span> from <var>response</var>.</p></li>
+
+       <li>
+        <p>If <var>coep</var>'s <span data-x="cross-origin-embedder-policy-value">value</span> is
+        "<code data-x="">require-corp</code>" or <var>coep</var>'s <span
+        data-x="cross-origin-embedder-policy-report-only-value">report only value</span> is "<code
+        data-x="">require-corp</code>", then set <var>policy</var> <span
+        data-x="coop-struct-report-only-value">report only value</span> to "<code
+        data-x="">same-origin-plus-COEP</code>".</p>
+
+        <p class="note">Report only COOP also considers report only COEP to assign the special "<code
+        data-x="">same-origin-plus-coep</code>" value. This allows developers more freedom in the
+        order of deployment of COOP and COEP.</p>
+       </li>
 
-     <li><p>If <var>coep</var> is "<code data-x="">require-corp</code>", then return "<code
-     data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>".</p></li>
+       <li><p>Else, set <var>policy</var> <span data-x="coop-struct-report-only-value">report only
+       value</span> to "<code data-x="">same-origin</code>".</p></li>
+      </ol>
+     </li>
+
+     <li><p>If <var>reportOnlyValue</var> bare item is "<code
+     data-x="">same-origin-allow-popups</code>", then set <var>policy</var> <span
+     data-x="coop-struct-report-only-value">report only value</span> to "<code
+     data-x="">same-origin-allow-popups</code>".</p></li>
+
+     <li><p>If <var>reportOnlyValue</var>'s parameters["report-to"] <span data-x="map
+     exists">exists</span> and it is a string, then set <span
+     data-x="coop-struct-report-only-endpoint">report only reporting endpoint</span> to
+     <var>reportOnlyValue</var>'s parameters["report-to"].</p></li>
     </ol>
    </li>
 
-   <li><p>Return <var>value</var>[0].</p></li>
+   <li><p>Return <var>policy</var>.</p></li>
   </ol>
 
+
   <h4>Browsing context group switches due to cross-origin opener policy</h4>
 
+  <p>To <dfn data-x="check-browsing-context-group-switch-coop-value">check if a cross-origin opener
+  policy value requires a browsing context group switch</dfn>, given a boolean
+  <var>isInitialEmptyDocument</var>, two <span data-x="origin">origins</span>
+  <var>responseOrigin</var>, <var>activeDocumentNavigationOrigin</var>, and two <span
+  data-x="coop-struct-value">cross-origin opener policy values</span> <var>responseCOOPValue</var>,
+  <var>activeDocumentCOOPValue</var>:</p>
+
+  <ol>
+   <li><p>If the result of <span data-x="matching-coop">matching</span>
+   <var>activeDocumentCOOPValue</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>responseCOOPValue</var> and <var>responseOrigin</var> is true, return
+   <code data-x="">false</code>.</p></li>
+
+   <li>
+    <p>If all of the following are true:</p>
+
+    <ul>
+     <li><p><var>isInitialEmptyDocument</var>.</p></li>
+
+     <li><p><var>activeDocumentCOOPValue</var>'s <span data-x="coop-struct-value">value</span> is "<code
+     data-x="">same-origin-allow-popups</code>".</p></li>
+
+     <li><p><var>responseCOOPValue</var> is "<code data-x="">unsafe-none</code>".</p></li>
+    </ul>
+
+    <p>then return <code data-x="">false</code>.</p>
+   </li>
+
+   <li><p>Return <code data-x="">true</code>.</p>
+  </ol>
+
+  <p>To <dfn data-x="check-bcg-switch-navigation-report-only">check if enforcing report only COOP
+  policies would require a browsing context group switch</dfn>, given a boolean
+  <var>isInitialEmptyDocument</var>, two <span data-x="origin">origins</span>
+  <var>responseOrigin</var>, <var>activeDocumentNavigationOrigin</var>, and two <span
+  data-x="cross-origin opener policy">cross-origin opener policies</span> <var>responseCOOP</var>,
+  and <var>ActiveDocumentCOOP</var>:</p>
+
+  <ol>
+   <li>
+    <p>If the result of <span data-x="check-browsing-context-group-switch-coop-value">checking if
+    the navigation requires a browsing context group switch</span> given
+    <var>isInitialEmptyDocument</var>, <var>sandboxFlags</var>, <var>responseOrigin</var>,
+    <var>activeDocumentNavigationOrigin</var>, <var>responseCOOP</var>'s <span
+    data-x="coop-struct-report-only-value">report-only value</span> and
+    <var>ActiveDocumentCOOPReportOnly</var>'s <span
+    data-x="coop-struct-report-only-value">report-only value</span> is <code data-x="">false</code>,
+    return <code data-x="">false</code>.</p>
+
+    <p class="note">Matching report only policies allows a website to specify the same report only
+    Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations
+    between these pages.</p>
+   </li>
+
+   <li><p>If the result of <span
+   data-x="check-browsing-context-group-switch-coop-value">checking if the navigation requires a
+   browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+   <var>sandboxFlags</var>, <var>responseOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>responseCOOP</var>'s <span data-x="coop-struct-value">value</span> and
+   <var>ActiveDocumentCOOPReportOnly</var>'s <span data-x="coop-struct-report-only-value">report-only
+   value</span> is <code data-x="">true</code>, return <code data-x="">true</code>.</p></li>
+
+   <li><p>If the result of <span
+   data-x="check-browsing-context-group-switch-coop-value">checking if the navigation requires a
+   browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+   <var>sandboxFlags</var>, <var>responseOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>responseCOOP</var>'s <span data-x="coop-struct-report-only-value">report-only value</span>
+   and <var>ActiveDocumentCOOPReportOnly</var>'s <span data-x="coop-struct-value">value</span> is
+   <code data-x="">true</code>, return <code data-x="">true</code>.</p></li>
+
+   <li><p>Return <code data-x="">false</code>.</p></li>
+  </ol>
+
+  <p>A <dfn data-x="coop-enforcement-result">cross-origin opener policy enforcement result</dfn> is
+  a struct composed of:</p>
+
+  <ul>
+   <li><p>A boolean <var>needBrowsingContextGroupSwitch</var>, initially <code
+   data-x="">false</code>.</p></li>
+
+   <li><p>A boolean <var>needBrowsingContextGroupSwitchReportOnly</var>, initially <code
+   data-x="">false</code>.</p></li>
+
+   <li><p>A boolean <var>sameOriginWithPreviousDocumentIncludingRedirects</var>, initally <code
+   data-x="">true</code>.</p></li>
+  </ul>
+
   <p>To <dfn data-x="check-browsing-context-group-switch-response">check if a response requires a
   browsing context group switch</dfn>, given a <span>browsing context</span>
-  <var>browsingContext</var>, an <span>origin</span> <var>responseOrigin</var> and a
-  <span>cross-origin opener policy</span> <var>responseCOOP</var>, run the followign steps:</p>
+  <var>browsingContext</var>, an <span>origin</span> <var>responseOrigin</var>, a
+  <span>cross-origin opener policy</span> <var>responseCOOP</var>, and a <span
+  data-x="coop-enforcement-result">cross-origin opener policy enforcement result</span>
+  <var>currentCOOPEnforcementResult</var>, run the followign steps:</p>
 
   <ol>
    <li><p>Let <var>activeDocumentNavigationOrigin</var> be <var>browsingContext</var>'s <span>active
    document</span>'s <span>origin</span>.</p></li>
 
+   <li><p>If <var>activeDocumentNavigationOrigin</var> is not <span>same origin</span> with
+   <var>responseOrigin</var>, set <var>currentCOOPEnforcementResult</var>'s
+   <var>sameOriginWithPreviousDocumentIncludingRedirects</var> to false.</p></li>
+
    <li><p>Let <var>activeDocumentCOOP</var> be <var>browsingContext</var>'s <span>active
    document</span>'s <span data-x="concept-document-coop"> cross-origin opener
    policy</span>.</p></li>
@@ -80108,41 +80308,128 @@ interface <dfn>BarProp</dfn> {
    <span data-x="creating a new browsing context">created</span>, then set
    <var>isInitialAboutBlank</var> to true.</p></li>
 
-   <li><p>If the result of <span data-x="matching-coop">matching</span>
-   <var>activeDocumentCOOP</var>, <var>activeDocumentNavigationOrigin</var>,
-   <var>responseCOOP</var> and <var>responseOrigin</var> is true, then return false.</p></li>
-
-   <li>
-    <p>If all of the following are true:</p>
-
-    <ul>
-     <li><p><var>isInitialAboutBlank</var></p></li>
+   <li><p>If the result of <span data-x="check-browsing-context-group-switch-coop-value">checking if
+   the COOP values require a browsing context group switch</span> given
+   <var>isInitialAboutBlank</var>, <var>activeDocumentCOOP</var>'s <span
+   data-x="coop-struct-value">value</span>, <var>activeDocumentNavigationOrigin</var>,
+   <var>responseCOOP</var>'s <span data-x="coop-struct-value">value</span> and
+   <var>responseOrigin</var> is true, set <var>currentCOOPEnforcementResult</var>'s
+   <var>needBrowsingContextGroupSwitch</var> to true.</p></li>
 
-     <li><p><var>activeDocumentCOOP</var> is "<code
-     data-x="coop-same-origin-allow-popups">same-origin-allow-popups</code>".</p></li>
+   <li><p>If the result of <span data-x="check-bcg-switch-navigation-report-only">checking if
+   enforcing report only COOP policies would require a browsing context group switch</span> given
+   <var>isInitialAboutBlank</var>, <var>responseOrigin</var>,
+   <var>activeDocumentNavigationOrigin</var>, <var>responseCOOP</var>, and
+   <var>activeDocumentCOOP</var>, is true, set <var>currentCOOPEnforcementResult</var>'s
+   <var>needBrowsingContextGroupSwitchReportOnly</var> to true.</p></li>
 
-     <li><p><var>responseCOOP</var> is "<code
-     data-x="coop-unsafe-none">unsafe-none</code>".</p></li>
-    </ul>
+   <li>
+    <p>If <var>browsingContext</var>'s <span>browsing context group</span>'s <span>browsing
+    context set</span>'s <span data-x="list size">size</span> is strictly greater than <code
+    data-x="">1</code>, then:</p>
 
-    <p>then return false.</p>
+    <ol>
+     <li>If <p><var>navigationCOOP</var>'s <span
+     data-x="coop-struct-report-endpoint">reporting endpoint</span> is not <code
+     data-x="">null</code> and <var>currentCOOPEnforcementResult</var>'s
+     <var>needBrowsingContextGroupSwitch</var> is true, <span
+     data-x="coop-violation-navigat-to">queue a violation report for browsing context group switch
+     when navigating to a COOP page</span> with <var>navigationCOOP</var>'s <span
+     data-x="coop-struct-report-endpoint">reporting endpoint</span>, <var>navigationCOOP</var>'s
+     <span data-x="coop-struct-value">value</span>, "<code data-x="">enforce</code>",
+     <var>response</var>'s <span data-x="concept-response-URL">URL</span>,
+     <var>browsingContext</var>'s <span>active document</span>'s <span>URL</span>,
+     <var>request</var>'s <span data-x="concept-request-referrer">referrer</span>, and
+     <var>currentCOOPEnforcementResult</var>'s
+     <var>sameOriginWithPreviousDocumentIncludingRedirects</var>.</p></li>
+
+     <li><p>If <var>navigationCOOP</var>'s <span
+     data-x="coop-struct-report-only-endpoint">report only reporting endpoint</span> is not <code
+     data-x="">null</code> and <var>currentCOOPEnforcementResult</var>'s
+     <var>needBrowsingContextGroupSwitchReportOnly</var>, <span
+     data-x="coop-violation-navigat-to">queue a violation report for browsing context group switch
+     when navigating to a COOP page</span> with <var>navigationCOOP</var>'s <span
+     data-x="coop-struct-report-only-endpoint">report only reporting endpoint</span>,
+     <var>navigationCOOP</var>'s <span data-x="coop-struct-report-only-value">report only
+     value</span>, "<code data-x="">reporting</code>", <var>response</var>'s <span
+     data-x="concept-response-URL">URL</span>, <var>browsingContext</var>'s <span>active
+     document</span>'s <span>URL</span>, and <var>request</var>'s <span
+     data-x="concept-request-referrer">referrer</span>.</p></li>
+    </ol>
    </li>
-
-   <li><p>Return true.</p></li>
   </ol>
 
   <p>To <dfn data-x="obtain-browsing-context-navigation">obtain a browsing context to use for a
   navigation response</dfn>, given a <span data-x="browsing context">browsing context</span>
-  <var>browsingContext</var>, a <span>sandboxing flag set</span> <var>sandboxFlags</var>, and a
-  <span>cross-origin opener policy</span> <var>navigationCOOP</var>:</p>
+  <var>browsingContext</var>, a <span>sandboxing flag set</span> <var>sandboxFlags</var>, a
+  <span>cross-origin opener policy</span> <var>navigationCOOP</var> and a <span
+  data-x="coop-enforcement-result">cross-origin opener policy enforcement result</span>
+  <var>COOPEnforcementResult</var>:</p>
 
   <ol>
    <li><p>Assert <var>browsingContext</var> is a <span>top-level browsing context</span>.</p></li>
 
+   <li><p>Let <var>activeDocumentCOOP</var> be <var>browsingContext</var>'s <span>active
+   document</span>'s <span data-x="concept-document-coop"> cross-origin opener
+   policy</span>.</p></li>
+
+   <li>
+    <p>If <var>COOPEnforcementResult</var>'s <var>needBrowsingContextGroupSwitchReportOnly</var>
+    is <code data-x="">true</code> and <var>browsingContext</var>'s <span>browsing context
+    group</span>'s <span>browsing context set</span>'s <span data-x="list size">size</span> is
+    strictly greater than <code data-x="">1</code>, and <var>activeDocumentCOOP</var>'s <span
+    data-x="coop-struct-report-only-endpoint">report only reporting endpoint</span> is not <code
+    data-x="">null</code>, then:</p>
+
+    <ol>
+     <li><p>Let <var>initialNavigationURL</var> be a new empty <span>URL</span>.</p></li>
+
+     <li><p>If <var>source</var> and <var>browsingContext</var> are the same, set
+     <var>initialNavigationURL</var> to <var>request</var>'s <span
+     data-x="concept-request-url">URL</span>.</p></li>
+
+     <li><p><span data-x="coop-violation-navigat-from">Queue a violation report for
+     browsing context group switch when navigating away from a COOP page</span> with
+     <var>activeDocumentCOOP</var>'s <span data-x="coop-struct-report-only-endpoint">report only
+     reporting endpoint</span>, <var>activeDocumentCOOP</var>'s <span
+     data-x="coop-struct-report-only-value">report only value</span>, "<code
+     data-x="">reporting</code>", <var>response</var>'s <span
+     data-x="concept-response-URL">URL</span>, <var>browsingContext</var>'s <span>active
+     document</span>'s <span>URL</span>, and <var>initialNavigationURL</var>.</p></li>
+    </ol>
+   </li>
+
+   <li><p>If <var>COOPEnforcementResult</var>'s <var>needBrowsingContextGroupSwitch</var> is <code
+   data-x="">false</code>, return <var>browsingContext</var>.
+
+   <li>
+    <p>If <var>browsingContext</var>'s <span>browsing context group</span>'s <span>browsing context
+    set</span>'s <span data-x="list size">size</span> is strictly greater than <code
+    data-x="">1</code>, and <var>activeDocumentCOOP</var>'s <span
+    data-x="coop-struct-report-endpoint"> reporting endpoint</span> is not <code
+    data-x="">null</code>, then:</p>
+
+    <ol>
+     <li><p>Let <var>initialNavigationURL</var> be a new empty <span>URL</span>.</p></li>
+
+     <li><p>If <var>source</var> and <var>browsingContext</var> are the same, set
+     <var>initialNavigationURL</var> to <var>request</var>'s <span
+     data-x="concept-request-url">URL</span>.</p></li>
+
+     <li><p><span data-x="coop-violation-navigat-from">Queue a violation report for
+     browsing context group switch when navigating away from a COOP page</span> with
+     <var>activeDocumentCOOP</var>'s <span data-x="coop-struct-report-endpoint">reporting
+     endpoint</span>, <var>activeDocumentCOOP</var>'s <span data-x="coop-struct-value">value</span>,
+     "<code data-x="">enforce</code>", <var>response</var>'s <span
+     data-x="concept-response-URL">URL</span>, <var>browsingContext</var>'s <span>active
+     document</span>'s <span>URL</span>, and <var>initialNavigationURL</var>.</p></li>
+    </ol>
+   </li>
+
    <li><p>Let <var>newBrowsingContext</var> be the result of <span>creating a new top-level browsing
    context</span>.</p></li>
 
-   <li><p>If <var>navigationCOOP</var> is "<code
+   <li><p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is "<code
    data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>", then set
    <var>newBrowsingContext</var>'s <span data-x="tlbc group">group</span>'s <span data-x="bcg
    cross-origin isolated">cross-origin isolated</span> to true.</p></li>
@@ -80150,8 +80437,8 @@ interface <dfn>BarProp</dfn> {
    <li>
     <p>If <var>sandboxFlags</var> is not empty, then:</p>
     <ol>
-     <li><p>Assert: <var>navigationCOOP</var> is "<code
-     data-x="coop-unsafe-none">unsafe-none</code>".</p></li>
+     <li><p>Assert <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is
+     "<code data-x="">unsafe-none</code>".</p></li>
 
      <li><p>Set <var>newBrowsingContext</var>'s <span>sandboxing flag set</span> to
      <var>sandboxFlags</var>.</p></li>
@@ -80173,6 +80460,90 @@ interface <dfn>BarProp</dfn> {
   defined. It is currently under discussion in <a
   href="https://github.com/whatwg/html/issues/5350">issue #5350</a>.</p>
 
+  <h4>Reporting policies</h4>
+
+  <p>To <dfn data-x="coop-violation-navigat-to">queue a violation report for browsing context group
+  switch when navigating to a COOP page</dfn> given a string <var>endpoint</var>, a <span
+  data-x="cross-origin opener policy value">cross-origin opener policy value</span>
+  <var>COOPValue</var>, a string <var>disposition</var>, a <span>URL</span>
+  <var>navigationURL</var>, a <span>URL</span> <var>currentDocumentURL</var>, and a
+  <span data-x="concept-request-referrer">referrer</span> <var>referrer</var>:<p>
+
+  <ol>
+   <li><p>Let <var>previousDocumentURL</var> be <var>referrer</var>.</p></li>
+
+   <li><p>If <var>currentDocumentURL</var> and <var>navigationURL</var> are
+   <span>same origin</span>, set <var>previousDocumentURL</var> to
+   <var>currentDocumentURL</var>.</p></li>
+
+   <li><p>Set <var>previousDocumentURL</var>'s <span data-x="concept-url-username">username</span>
+   to the empty string, and its <span data-x="concept-url-password">password</span> to <code
+   data-x="">null</code>.</p></li>
+
+   <li><p>Let <var>serializedPreviousDocumentURL</var> be the result of executing the <span
+   data-x="concept-url-serializer">URL serializer</span> on <var>previousDocumentURL</var> with the
+   <var>exclude fragment flag</var> set.</p></li>
+
+   <li>
+    <p>Let <var>body</var> be a new object containing the following properties with keys:</p>
+
+    <ul>
+     <li><p>key: "<code data-x="">disposition</code>", value: <var>disposition</var>.</p></li>
+
+     <li><p>key: "<code data-x="">effective-policy</code>", value: <var>COOPValue</var>.</p></li>
+
+     <li><p>key: "<code data-x="">navigation-uri</code>", value:
+     <var>serializedPreviousDocumentURL</var>.</p></li>
+
+     <li><p>key: "<code data-x="">violation-type</code>", value: "<code
+     data-x="">navigate-to-document</code>".</p></li>
+    </ul>
+   </li>
+
+   <li><p><span data-x="queue-report">Queue</span> <var>body</var> as "<code data-x="">coop</code>"
+   for <var>endpoint</var> with <var>navigationURL</var>.</p></li>
+  </ol>
+
+  <p>To <dfn data-x="coop-violation-navigat-from">queue a violation report for browsing context group
+  switch when navigating away from a COOP page</dfn> given a string <var>endpoint</var>, a
+  <span>cross-origin opener policy value</span> <var>COOPValue</var>, a string
+  <var>disposition</var>, a <span>URL</span> <var>navigationURL</var>, a <span>URL</span>
+  <var>currentDocumentURL</var>, and a <span>URL</span> <var>initialNavigationURL</var>:<p>
+
+  <ol>
+   <li><p>Let <var>nextDocumentURL</var> be <var>initialNavigationURL</var>.</p></li>
+
+   <li><p>If <var>currentDocumentURL</var> and <var>navigationURL</var> are
+   <span>same origin</span>, set <var>nextDocumentURL</var> to
+   <var>navigationURL</var>.</p></li>
+
+   <li><p>Set <var>nextDocumentURL</var>'s <span data-x="concept-url-username">username</span> to
+   the empty string, and its <span data-x="concept-url-password">password</span> to <code
+   data-x="">null</code>.</p></li>
+
+   <li><p>Let <var>serializedNextDocumentURL</var> be the result of executing the <span
+   data-x="concept-url-serializer">URL serializer</span> on <var>nextDocumentURL</var> with the
+   <var>exclude fragment flag</var> set.</p></li>
+
+   <li>
+    <p>Let <var>body</var> be a new object containing the following properties with keys:</p>
+
+    <ul>
+     <li><p>key: "<code data-x="">disposition</code>", value: <var>disposition</var>.</p></li>
+
+     <li><p>key: "<code data-x="">effective-policy</code>", value: <var>COOPValue</var>.</p></li>
+
+     <li><p>key: "<code data-x="">navigation-uri</code>", value:
+     <var>serializedNextDocumentURL</var>.</p></li>
+
+     <li><p>key: "<code data-x="">violation-type</code>", value: "<code
+     data-x="">navigate-from-document</code>".</p></li>
+    </ul>
+   </li>
+
+   <li><p><span data-x="queue-report">Queue</span> <var>body</var> as "<code data-x="">coop</code>"
+   for <var>endpoint</var> with <var>currentDocumentURL</var>.</p></li>
+  </ol>
 
 
   <h3 split-filename="history" id="history">Session history and navigation</h3>
@@ -81998,15 +82369,17 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
        data-x="concept-request-url">url</span>, <var>finalSandboxFlags</var>,
        <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>
 
-       <li><p>Let <var>responseCOOP</var> be "<code data-x="">unsafe-none</code>".</p></li>
+       <li><p>Let <var>responseCOOP</var> be a new <span>cross-origin opener policy</span>.</p></li>
 
-       <li><p>Let <var>browsingContextSwitchNeeded</var> be false.</p></li>
+       <li><p>Let <var>COOPEnforcementResult</var> be a new <span
+       data-x="coop-enforcement-result">cross-origin opener policy enforcement
+       result</span>.</p></li>
 
        <li><p>Run <span>process a navigate response</span> with null, <var>resource</var>,
        <var>navigationType</var>, the <span>source browsing context</span>,
        <var>browsingContext</var>, <var>finalSandboxFlags</var>, <var>responseOrigin</var>,
        <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>, null,
-       <var>responseCOOP</var>, and <var>browsingContextSwitchNeeded</var>.</p></li>
+       <var>responseCOOP</var>, and <var>COOPEnforcementResult</var>.</p></li>
       </ol>
      </dd>
 
@@ -82027,13 +82400,17 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
        <span>sandboxing flag set</span> and <var>response</var>'s <span>forced sandboxing flag
        set</span>.</p></li>
 
+       <li><p>Let <var>COOPEnforcementResult</var> be a new <span
+       data-x="coop-enforcement-result">cross-origin opener policy enforcement
+       result</span>.</p></li>
+
        <li><p>Run <span>process a navigate response</span> with <var>resource</var>,
        <var>response</var>, <var>navigationType</var>, the <span>source browsing context</span>,
        <var>browsingContext</var>, <var>finalSandboxFlags</var>,
        <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>,
        <var>activeDocumentNavigationOrigin</var>, null, <var>browsingContext</var>'s <span>active
        document</span>'s <span data-x="concept-document-coop"> cross-origin opener
-       policy</span>, and false.</p></li>
+       policy</span>, and <var>COOPEnforcementResult</var>.</p></li>
       </ol>
 
       <p class="example">So for example a <span data-x="javascript
@@ -82131,7 +82508,8 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
 
    <li><p>Let <var>responseOrigin</var> be null.
 
-   <li><p>Let <var>browsingContextSwitchNeeded</var> be false.</p></li>
+   <li><p>Let <var>COOPEnforcementResult</var> be a <span
+   data-x="coop-enforcement-result">cross-origin opener policy enforcement result</span>.</p></li>
 
    <li><p>Let <var>finalSandboxFlags</var> be an empty <span>sandboxing flag set</span>.</p></li>
 
@@ -82241,21 +82619,18 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
 
          <li>
           <p>If <var>sandboxFlags</var> is not empty and <var>responseCOOP</var> is not "<code
-	  data-x="coop-unsafe-none">unsafe-none</code>", then set <var>response</var> to an
+	        data-x="coop-unsafe-none">unsafe-none</code>", then set <var>response</var> to an
           appropriate <span>network error</span> and return.</p>
 
-	  <p class="note">This results in a network error as one cannot simultaneously provide a
-	  clean slate to a response using cross-origin opener policy and sandbox the result of
+	        <p class="note">This results in a network error as one cannot simultaneously provide a
+	        clean slate to a response using cross-origin opener policy and sandbox the result of
           navigating to that response.</p>
          </li>
 
-         <li><p>Let <var>responseRequiresBrowsingContexGroupSwitch</var> be the result of <span
-	 data-x="check-browsing-context-group-switch-response">checking if the response requires a
-	 browsing context group switch</span> given <var>browsingContext</var>,
-         <var>responseOrigin</var>, and <var>responseCOOP</var>.</p></li>
-
-         <li><p>If <var>responseRequiresBrowsingContextGroupSwitch</var> is true, set
-         <var>browsingContextSwitchNeeded</var> to true.</p></li>
+         <li><p><span data-x="check-browsing-context-group-switch-response">Check if the response
+         requires a browsing context group switch</span> given <var>browsingContext</var>,
+         <var>responseOrigin</var>, <var>responseCOOP</var>, and
+         <var>COOPEnforcementResult</var>.</p></li>
         </ol>
        </li>
 
@@ -82360,9 +82735,10 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
 
    <li><p>Run <span>process a navigate response</span> given <var>request</var>,
    <var>response</var>, <var>navigationType</var>, the <span>source browsing context</span>,
-   <var>browsingContext</var>, <var>finalSandboxFlages</var>, <var>responseOrigin</var>, <var>incumbentNavigationOrigin</var>,
-   <var>activeDocumentNavigationOrigin</var>, <var>responseCOOP</var>,
-   <var>browsingContextSwitchNeeded</var> and <var>reservedEnvironment</var>.</p></li>
+   <var>browsingContext</var>, <var>finalSandboxFlages</var>, <var>responseOrigin</var>,
+   <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>responseCOOP</var>, <var>COOPEnforcementResult</var> and
+   <var>reservedEnvironment</var>.</p></li>
   </ol>
 
   <p>To <dfn data-export="">process a navigate response</dfn>, given null or a <span
@@ -82372,8 +82748,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
   <var>browsingContext</var>, a <span>sandboxing flag set</span> <var>finalSandboxFlags</var>, three
   <span data-x="origin">origins</span> <var>finalResponseOrigin</var>,
   <var>incumbentNavigationOrigin</var> and <var>activeDocumentNavigationOrigin</var>, a
-  <span>cross-origin opener policy</span> <var>responseCOOP</var>, a boolean
-  <var>browsingContextSwitchNeeded</var>, and null or an <span>environment</span>
+  <span>cross-origin opener policy</span> <var>responseCOOP</var>, a <span
+  data-x="coop-enforcement-result">cross-origin opener policy enforcement result</span>,
+  <var>COOPEmfrocementResult</var>, and null or an <span>environment</span>
   <var>reservedEnvironment</var>, run these steps:</p>
 
   <ol>
@@ -82427,20 +82804,20 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
     <dl class="switch">
      <dt>an <span>HTML MIME type</span></dt>
      <dd>Follow the steps given in the <span data-x="navigate-html">HTML document</span> section
-     providing <var>browsingContext</var>, <var>request</var>, <var>response</var>,
-     <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
      <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
-     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and
-     <var>browsingContextSwitchNeeded</var>. Once the steps have completed, return.</dd>
+     <var>reservedEnvironment</var>, <var>responseCOOP</var> and <var>COOPEnforcementResult</var>.
+     Once the steps have completed, return.</dd>
 
      <dt>an <span>XML MIME type</span> that is not an <span>explicitly supported XML MIME
      type</span></dt>
      <dd>Follow the steps given in the <span data-x="navigate-xml">XML document</span> section
-     providing <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
      <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
-     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and
-     <var>browsingContextSwitchNeeded</var>. Once the steps have completed, return.</dd>
+     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and <var>COOPEnforcementResult</var>.
+     Once the steps have completed, return.</dd>
 
      <dt>a <span>JavaScript MIME type</span></dt>
      <dt>a <span>JSON MIME type</span> that is not an <span>explicitly supported JSON MIME
@@ -82450,37 +82827,37 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
      <dt>"<code>text/plain</code>"</dt>
      <dt>"<code>text/vtt</code>"</dt>
      <dd>Follow the steps given in the <span data-x="navigate-text">plain text file</span> section
-     providing <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>finalSandboxFlags</var>,<var>finalResponseOrigin</var>,
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>finalSandboxFlags</var>,<var>finalResponseOrigin</var>,
      <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
-     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and
-     <var>browsingContextSwitchNeeded</var>. Once the steps have completed, return.</dd>
+     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and <var>COOPEnforcementResult</var>.
+     Once the steps have completed, return.</dd>
 
      <dt>"<code>multipart/x-mixed-replace</code>"</dt>
      <dd>Follow the steps given in the <span
      data-x="navigate-multipart-x-mixed-replace">multipart/x-mixed-replace</span> section providing
-     <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
+     <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
      <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
      <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
      <var>reservedEnvironment</var>, <var>responseCOOP</var>, and
-     <var>browsingContextSwitchNeeded</var>. Once the steps have completed, return.</dd>
+     <var>COOPEnforcementResult</var>. Once the steps have completed, return.</dd>
 
      <dt>A supported image, video, or audio type</dt>
      <dd>Follow the steps given in the <span data-x="navigate-media">media</span> section providing
-     <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
+     <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
      <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
-     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and
-     <var>browsingContextSwitchNeeded</var>. Once the steps have completed, return.</dd>
+     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and <var>COOPenforcementResult</var>.
+     Once the steps have completed, return.</dd>
 
      <dt>A type that will use an external application to render the content in
      <var>browsingContext</var></dt>
      <dd>Follow the steps given in the <span data-x="navigate-plugin">plugin</span> section
-     providing <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
      <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
-     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and
-     <var>browsingContextSwitchNeeded</var>. Once the steps have completed, return.</dd>
+     <var>reservedEnvironment</var>, <var>responseCOOP</var>, and <var>COOPEnforcementResult</var>.
+     Once the steps have completed, return.</dd>
     </dl>
 
     <p>An <dfn>explicitly supported XML MIME type</dfn> is an <span>XML MIME type</span> for which
@@ -82650,18 +83027,21 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
   given a <span data-x="concept-document-type">type</span> <var>type</var>, <span
   data-x="concept-document-content-type">content type</span> <var>contentType</var>, a <span
   data-x="concept-request">request</span> <var>request</var>, a <span
-  data-x="concept-response">response</span> <var>response</var>, a <span data-x="browsing
-  context">browsing context</span> <var>browsingContext</var>, a <span>sandboxing flag set</span>
-  <var>finalSandboxFlags</var>, three <span data-x="origin">origins</span> <var>origin</var>,
-  <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>, null or an
+  data-x="concept-response">response</span> <var>response</var>, two <span data-x="browsing
+  context">browsing contexts</span> <var>source</var>, and <var>browsingContext</var>, a
+  <span>sandboxing flag set</span> <var>finalSandboxFlags</var>, three <span
+  data-x="origin">origins</span> <var>origin</var>, <var>incumbentNavigationOrigin</var>,
+  <var>activeDocumentNavigationOrigin</var>, null or an
   <span>environment</span> <var>reservedEnvironment</var>, a <span>cross-origin opener policy</span>
-  <var>navigationCOOP</var>, and a boolean <var>browsingContextSwitchNeeded</var>:</p>
+  <var>navigationCOOP</var>, and a <span data-x="coop-enforcement-result">cross-origin opener
+  policy enforcement result</span> <var>COOPEnforcementResult</var>:</p>
 
   <ol>
-   <li><p>If <var>browsingContextSwitchNeeded</var> is true, set <var>browsingContext</var> to the
-   result of the <span data-x="obtain-browsing-context-navigation">obtain a browsing context to use
-   for a navigation response</span> algorithm, given <var>browsingContext</var>,
-   <var>finalSandboxFlagSet</var>, and <var>navigationCOOP</var>.</p></li>
+   <li><p>Set <var>browsingContext</var> to the result of the <span
+   data-x="obtain-browsing-context-navigation">obtain a browsing context to use for a navigation
+   response</span> algorithm, given <var>request</var>, <var>response</var>, <var>source</var>,
+   <var>browsingContext</var>, <var>finalSandboxFlagSet</var>, <var>navigationCOOP</var>, and
+   <var>COOPEnforcementResult</var>.</p></li>
 
    <li>
     <p>Let <var>featurePolicy</var> be the result of <span>creating a feature policy from a
@@ -82947,20 +83327,20 @@ new PaymentRequest(&hellip;); // Allowed to use
   <h4 id="read-html">Page load processing model for HTML files</h4>
 
   <p>When <dfn data-x="navigate-html">an HTML document is to be loaded</dfn>, given a
-  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
-  <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
+  <var>source</var>, <var>browsingContext</var>, <var>request</var>, <var>response</var>,
+  <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>, and
-  <var>browsingContextSwitchNeeded</var> the user agent must <span>queue a task</span> on the
+  <var>COOPEnforcementResult</var> the user agent must <span>queue a task</span> on the
   <span>networking task source</span> to:</p>
 
   <ol>
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initializing a <code>Document</code>
    object</span> providing "<code data-x="">html</code>", "<code data-x="">text/html</code>",
-   <var>request</var>, <var>response</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
-   <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
-   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>, and
-   <var>browsingContextSwitchNeeded</var>.</p></li>
+   <var>request</var>, <var>response</var>, <var>source</var> <var>browsingContext</var>,
+   <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>,
+   <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>environment</var>, <var>responseCOOP</var>, and <var>COOPEnforcementResult</var>.</p></li>
 
    <li>
     <p>Create an <span>HTML parser</span> and associate it with the <var>document</var>.  Each
@@ -82993,19 +83373,20 @@ new PaymentRequest(&hellip;); // Allowed to use
 
   <h4 id="read-xml"><dfn data-x="navigate-xml">Page load processing model for XML files</dfn></h4>
 
-  <p>When faced with displaying an XML file inline, provided <var>browsingContext</var>,
-  <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
+  <p>When faced with displaying an XML file inline, provided <var>source</var>,
+  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
   <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>,<var>responseCOOP</var>, and
-  <var>browsingContextSwitchNeeded</var> user agents must follow the requirements defined in
-  <cite>XML</cite> and <cite>Namespaces in XML</cite>, <cite>XML Media Types</cite>, <cite>DOM</cite>,
-  and other relevant specifications to <span data-x="create-the-document-object">create and
-  initialize a <code>Document</code> object</span> providing "<code data-x="">xml</code>",
-  <var>type</var>, <var>request</var>, <var>response</var>, <var>browsingContext</var>,
-  <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var> <var>incumbentNavigationOrigin</var>,
+  <var>COOPEnforcementResult</var> user agents must follow the requirements defined in
+  <cite>XML</cite> and <cite>Namespaces in XML</cite>, <cite>XML Media Types</cite>,
+  <cite>DOM</cite>, and other relevant specifications to <span
+  data-x="create-the-document-object">create and initialize a <code>Document</code> object</span>
+  providing "<code data-x="">xml</code>", <var>type</var>, <var>request</var>, <var>response</var>,
+  <var>source</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
+  <var>finalResponseOrigin</var> <var>incumbentNavigationOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>. and
-  <var>browsingContextSwitchNeeded</var>. It must also create and a corresponding <span>XML
-  parser</span>. <ref spec=XML> <ref spec=XMLNS> <ref spec=RFC7303> <ref spec=DOM></p>
+  <var>COOPEnforcementResult</var>. It must also create and a corresponding <span>XML parser</span>.
+  <ref spec=XML> <ref spec=XMLNS> <ref spec=RFC7303> <ref spec=DOM></p>
 
   <p class="note">At the time of writing, the XML specification community had not actually yet
   specified how XML and the DOM interact.</p> <!--XMLPARSE-->
@@ -83049,21 +83430,21 @@ new PaymentRequest(&hellip;); // Allowed to use
 
   <h4 id="read-text"><dfn data-x="navigate-text">Page load processing model for text files</dfn></h4>
 
-  <p>When a plain text document is to be loaded, provided a <var>browsingContext</var>,
-  <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
+  <p>When a plain text document is to be loaded, provided <var>source</var>,
+  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
   <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>,<var>responseCOOP</var>, and
-  <var>browsingContextSwitchNeeded</var> the user agent must <span>queue a task</span> on the
+  <var>COOPEnforcementResult</var> the user agent must <span>queue a task</span> on the
   <span>networking task source</span> to:
 
   <ol>
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initialize a <code>Document</code> object</span>
    providing "<code data-x="">html</code>", <var>type</var>, <var>request</var>,
-   <var>response</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
+   <var>response</var>, <var>source</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
    <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
    <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>, and
-   <var>browsingContextSwitchNeeded</var>.</p></li>
+   <var>COOPEnforcementResult</var>.</p></li>
 
    <li><p>Create an <span>HTML parser</span> and associate it with the <var>document</var>. Act as
    if the tokenizer had emitted a start tag token with the tag name "pre" followed by a single
@@ -83130,20 +83511,20 @@ new PaymentRequest(&hellip;); // Allowed to use
 
   <h4 id="read-media"><dfn data-x="navigate-media">Page load processing model for media</dfn></h4>
 
-  <p>When an image, video, or audio resource is to be loaded, provided a <var>browsingContext</var>,
-  <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
+  <p>When an image, video, or audio resource is to be loaded, provided <var>source</var>,
+  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>finalSandboxFlags</var>,
   <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>,
-  <var>browsingContextSwitchNeeded</var>, the user agent should:
+  <var>COOPEnforcementResult</var>, the user agent should:
 
   <ol>
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initialize a <code>Document</code> object</span>
    providing "<code data-x="">html</code>", <var>type</var>, <var>request</var>,
-   <var>response</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
+   <var>response</var>, <var>source</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
    <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
    <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>, and
-   <var>browsingContextSwitchNeeded</var>.</p></li>
+   <var>COOPEnforcementResult</var>.</p></li>
 
    <li><p>Append an <code>html</code> element to <var>document</var>.</p></li>
 
@@ -83200,19 +83581,19 @@ new PaymentRequest(&hellip;); // Allowed to use
   <h4 id="read-plugin"><dfn data-x="navigate-plugin">Page load processing model for content that uses plugins</dfn></h4>
 
   <p>When a resource that requires an external resource to be rendered is to be loaded, provided a
-  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>sandboxFlags</var>,
-  <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
+  <var>source</var>, <var>browsingContext</var>, <var>request</var>, <var>response</var>,
+  <var>finalSandboxFlags</var>, <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>, and
-  <var>browsingContextSwitchNeeded</var>, the user agent should:
+  <var>COOPEnforcementResult</var>, the user agent should:
 
   <ol>
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initialize a <code>Document</code> object</span>
    providing "<code data-x="">html</code>", <var>type</var>, <var>request</var>,
-   <var>response</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
+   <var>response</var>, <var>source</var>, <var>browsingContext</var>, <var>finalSandboxFlags</var>,
    <var>finalResponseOrigin</var>, <var>incumbentNavigationOrigin</var>,
    <var>activeDocumentNavigationOrigin</var>, <var>environment</var>, <var>responseCOOP</var>, and
-   <var>browsingContextSwitchNeeded</var>.</p></li>
+   <var>COOPEnforcementResult</var>.</p></li>
 
    <li><p>Mark <var>document</var> as being a <dfn>plugin document</dfn></p></li>
 
@@ -83259,11 +83640,11 @@ new PaymentRequest(&hellip;); // Allowed to use
 
   <p>When the user agent is to display a user agent page inline, the user agent should <span
   data-x="create-the-document-object">create and initialize a <code>Document</code> object</span>
-  providing "<code data-x="">html</code>", "<code data-x="">text/html</code>", null, null,
-  <var>browsingContext</var>, an empty set, null, null, and null, and then either associate that
-  <code>Document</code> with a custom rendering that is not rendered using the normal
-  <code>Document</code> rendering rules, or mutate that <code>Document</code> until it represents
-  the content the user agent wants to render.</p>
+  providing "<code data-x="">html</code>", "<code data-x="">text/html</code>", null, null, null,
+  <var>browsingContext</var>, an empty set, null, null, null, a new <span>cross-origin opener
+  policy</span>, and false and then either associate that <code>Document</code> with a custom
+ rendering that is not rendered using the normal <code>Document</code> rendering rules, or mutate
+ that <code>Document</code> until it represents the content the user agent wants to render.</p>
 
   <!-- next two paragraphs are similar to the navigate-text section, keep them in sync -->
 
@@ -116213,6 +116594,30 @@ interface <dfn>External</dfn> {
   </dl>
 
 
+  <h3>`<dfn><code
+  data-x="http-cross-origin-opener-policy-report-only">Cross-Origin-Opener-Policy-Report-Only</code></dfn>`</h3>
+
+  <p>This section describes a header for registration in the Permanent Message Header Field
+  Registry. <ref spec=RFC3864></p>
+
+  <dl>
+   <dt>Header field name:</dt>
+   <dd>Cross-Origin-Opener-Policy-Report-Only</dd>
+   <dt>Applicable protocol:</dt>
+   <dd>http</dd>
+   <dt>Status:</dt>
+   <dd>standard</dd>
+   <dt>Author/Change controller:</dt>
+   <dd>WHATWG</dd>
+   <dt>Specification document(s):</dt>
+   <dd>
+    This document is the relevant specification.
+   </dd>
+   <dt>Related information:</dt>
+   <dd>None.</dd>
+  </dl>
+
+
   <h3 id="ping-from">`<dfn><code data-x="http-ping-from">Ping-From</code></dfn>`</h3>
 
   <p>This section describes a header for registration in the Permanent Message Header Field
@@ -116354,6 +116759,7 @@ interface <dfn>External</dfn> {
 
 
 
+
   <h2 split-filename="indices" id="index" class="no-num">Index</h2>
 
   <div w-nodev>
@@ -121200,6 +121606,9 @@ INSERT INTERFACES HERE
    <dt id="refsREFERRERPOLICY">[REFERRERPOLICY]</dt>
    <dd><cite><a href="https://w3c.github.io/webappsec-referrer-policy/">Referrer Policy</a></cite>, J. Eisinger, E. Stark. W3C.</dd>
 
+   <dt id="refsREPORTING">[REPORTING]</dt>
+   <dd><cite><a href="https://w3c.github.io/reporting/">Reporting</a></cite>, D. Creager, I. Clelland, M. West, I. Grigorik, P. Meyer. W3C.</dd>
+
    <dt id="refsREQUESTIDLECALLBACK">[REQUESTIDLECALLBACK]</dt>
    <dd><cite><a href="https://w3c.github.io/requestidlecallback/">Cooperative Scheduling of Background Tasks</a></cite>, R. McIlroy, I. Grigorik. W3C.</dd>