diff --git a/packages/sirv-cli/bin.js b/packages/sirv-cli/bin.js
index 9a7d054..bf1371a 100644
--- a/packages/sirv-cli/bin.js
+++ b/packages/sirv-cli/bin.js
@@ -16,6 +16,7 @@ sade('sirv [dir]')
 	.option('-e, --etag', 'Enable "ETag" header')
 	.option('-d, --dotfiles', 'Enable dotfile asset requests')
 	.option('-c, --cors', 'Enable "CORS" headers to allow any origin requestor')
+	.option('-CP --corp', 'Enable "CORP" headers, set to same-orgin')
 	.option('-G, --gzip', 'Send precompiled "*.gz" files when "gzip" is supported', true)
 	.option('-B, --brotli', 'Send precompiled "*.br" files when "brotli" is supported', true)
 	.option('-m, --maxage', 'Enable "Cache-Control" header & define its "max-age" value (sec)')
@@ -39,6 +40,7 @@ sade('sirv [dir]')
 			immutable: false,
 			http2: false,
 			cors: false,
+			corp: false,
 			logs: true,
 		}
 	});
diff --git a/packages/sirv-cli/index.js b/packages/sirv-cli/index.js
index 7810262..d6917d9 100644
--- a/packages/sirv-cli/index.js
+++ b/packages/sirv-cli/index.js
@@ -34,11 +34,15 @@ module.exports = function (dir, opts) {
 	dir = resolve(dir || '.');
 	opts.maxAge = opts.m;
 
-	if (opts.cors) {
-		opts.setHeaders = res => {
+	opts.setHeaders = res => {
+		if (opts.cors) {
 			res.setHeader('Access-Control-Allow-Origin', '*');
 			res.setHeader('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Range');
 		}
+		if (opts.corp) {
+			res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp');
+			res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
+		}
 	}
 
 	let server;