diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c09df55..9f2068a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - TypeScript version upgraded from `4.4.4` to `4.7.4`.
 - `PlaygroundConnectedElement` `project` is now permitted to be `undefined` according to TypeScript.
 
+### Added
+
+- The service worker now sets the [`Cross-Origin-Embedder-Policy: require-corp`](https://html.spec.whatwg.org/multipage/origin.html#coep-require-corp)
+  heading on all responses.
+
 ## [0.16.3] - 2022-08-02
 
 ### Added
diff --git a/src/service-worker/playground-service-worker.ts b/src/service-worker/playground-service-worker.ts
index ba388841..a638a2b1 100755
--- a/src/service-worker/playground-service-worker.ts
+++ b/src/service-worker/playground-service-worker.ts
@@ -112,6 +112,7 @@ const getFile = async (_e: FetchEvent, path: string, sessionId: SessionID) => {
   // https://web.dev/origin-agent-cluster/
   // https://html.spec.whatwg.org/multipage/origin.html#origin-keyed-agent-clusters
   headers.set('Origin-Agent-Cluster', '?1');
+  headers.set('Cross-Origin-Embedder-Policy', 'require-corp');
   if (contentType) {
     headers.set('Content-Type', contentType);
   }