diff --git a/server/previewServer.js b/server/previewServer.js
index ff46a448b0..5deb11b04a 100644
--- a/server/previewServer.js
+++ b/server/previewServer.js
@@ -57,7 +57,11 @@ const corsMiddleware = cors({
   credentials: true,
   origin: allowedCorsOrigins
 });
-app.use(corsMiddleware);
+app.use((req, res, next) => {
+  res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp');
+  res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
+  corsMiddleware(req, res, next);
+});
 // Enable pre-flight OPTIONS route for all end-points
 app.options('*', corsMiddleware);