I have a nginx docker handling the ssl, then a wordpress docker in http. <iframe style="overflow: hidden; height: 100%; width: 100%;" src="https://test.com:3300" width="100%" height="100%" sandbox="allow-scripts allow-same-origin" allow="cross-origin-isolated"></iframe Now I want to add an iframe in a page, this iframe is one instance of another docker I have, I can access this site without problems. The problem is because I used a Iframe and I get this: SharedArrayBuffer is NOT supported in your browser in the nginx.conf I have this: server { listen 3300 ssl; server_name test.com; ssl_certificate /etc/letsencrypt/live/test.com/cert.pem; ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem; location / { proxy_pass http://192.168.0.226:3000; proxy_set_header Cross-Origin-Opener-Policy "same-origin"; proxy_set_header Cross-Origin-Embedder-Policy "require-corp"; add_header Content-Security-Policy "frame-src 'self' wss://test.com:3000/ws https://test.com:3300 https://test.com:3400 https://test.com:3000 https://test.com:3500 https://test.com:8040 https://test.com:8040/dicom-web/studies; script-src 'self' 'unsafe-inline'"; add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'Authorization, Content-Type'; add_header Access-Control-Allow-Credentials 'true'; client_max_body_size 100M; proxy_buffering on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; } } server { listen 3500 ssl; server_name test.com; ssl_certificate /etc/letsencrypt/live/test.com/cert.pem; ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem; location / { proxy_pass http://192.168.0.226:3400; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header Cross-Origin-Opener-Policy "same-origin"; proxy_set_header Cross-Origin-Embedder-Policy "require-corp"; add_header Content-Security-Policy "frame-src 'self' wss://test.com:3000/ws https://test.com:3300 https://test.com:3400 https://test.com:3000 https://test.com:3500 https://test.com:8040 https://test.com:8040/dicom-web/studies; script-src 'self' 'unsafe-inline'"; add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'Authorization, Content-Type'; add_header Access-Control-Allow-Credentials 'true'; client_max_body_size 100M; proxy_buffering on; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; } } Where I add proxy_set_header Cross-Origin-Opener-Policy "same-origin"; AND proxy_set_header Cross-Origin-Embedder-Policy "require-corp"; Why is not possible to add an iframe like this?