diff --git a/.htaccess b/.htaccess
index 986c1ab..68b69ab 100644
--- a/.htaccess
+++ b/.htaccess
@@ -207,6 +207,8 @@ RewriteRule .* index.php [L]
 	Header always set Referrer-Policy "no-referrer-when-downgrade"
 	# Strict-Transport-Security
 	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+	# Cross-Origin-Opener-Policy
+	Header always set Cross-Origin-Opener-Policy "same-origin"
 	# Content-Security-Policy-Report-Only 
 	Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.joomla.org https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://*.joomla.org https://*.pingdom.net https://*.google-analytics.com https://*.doubleclick.net; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com https://*.joomla.org; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleapis.com; frame-ancestors 'self'; report-uri https://joomla.report-uri.com/r/t/csp/enforce"
 </IfModule>