diff --git a/vue2-app/public/coi-serviceworker.min.js b/vue2-app/public/coi-serviceworker.min.js
new file mode 100644
index 0000000..117f9f8
--- /dev/null
+++ b/vue2-app/public/coi-serviceworker.min.js
@@ -0,0 +1,2 @@
+/*! coi-serviceworker v0.1.7 - Guido Zuidhof and contributors, licensed under MIT */
+let coepCredentialless=!1;"undefined"==typeof window?(self.addEventListener("install",(()=>self.skipWaiting())),self.addEventListener("activate",(e=>e.waitUntil(self.clients.claim()))),self.addEventListener("message",(e=>{e.data&&("deregister"===e.data.type?self.registration.unregister().then((()=>self.clients.matchAll())).then((e=>{e.forEach((e=>e.navigate(e.url)))})):"coepCredentialless"===e.data.type&&(coepCredentialless=e.data.value))})),self.addEventListener("fetch",(function(e){const o=e.request;if("only-if-cached"===o.cache&&"same-origin"!==o.mode)return;const s=coepCredentialless&&"no-cors"===o.mode?new Request(o,{credentials:"omit"}):o;e.respondWith(fetch(s).then((e=>{if(0===e.status)return e;const o=new Headers(e.headers);return o.set("Cross-Origin-Embedder-Policy",coepCredentialless?"credentialless":"require-corp"),coepCredentialless||o.set("Cross-Origin-Resource-Policy","cross-origin"),o.set("Cross-Origin-Opener-Policy","same-origin"),new Response(e.body,{status:e.status,statusText:e.statusText,headers:o})})).catch((e=>console.error(e))))}))):(()=>{const e=window.sessionStorage.getItem("coiReloadedBySelf");window.sessionStorage.removeItem("coiReloadedBySelf");const o="coepdegrade"==e,s={shouldRegister:()=>!e,shouldDeregister:()=>!1,coepCredentialless:()=>!0,coepDegrade:()=>!0,doReload:()=>window.location.reload(),quiet:!1,...window.coi},r=navigator,t=r.serviceWorker&&r.serviceWorker.controller;t&&!window.crossOriginIsolated&&window.sessionStorage.setItem("coiCoepHasFailed","true");const i=window.sessionStorage.getItem("coiCoepHasFailed");if(t){const e=s.coepDegrade()&&!(o||window.crossOriginIsolated);r.serviceWorker.controller.postMessage({type:"coepCredentialless",value:!(e||i&&s.coepDegrade())&&s.coepCredentialless()}),e&&(!s.quiet&&console.log("Reloading page to degrade COEP."),window.sessionStorage.setItem("coiReloadedBySelf","coepdegrade"),s.doReload("coepdegrade")),s.shouldDeregister()&&r.serviceWorker.controller.postMessage({type:"deregister"})}!1===window.crossOriginIsolated&&s.shouldRegister()&&(window.isSecureContext?r.serviceWorker?r.serviceWorker.register(window.document.currentScript.src).then((e=>{!s.quiet&&console.log("COOP/COEP Service Worker registered",e.scope),e.addEventListener("updatefound",(()=>{!s.quiet&&console.log("Reloading page to make use of updated COOP/COEP Service Worker."),window.sessionStorage.setItem("coiReloadedBySelf","updatefound"),s.doReload()})),e.active&&!r.serviceWorker.controller&&(!s.quiet&&console.log("Reloading page to make use of COOP/COEP Service Worker."),window.sessionStorage.setItem("coiReloadedBySelf","notcontrolling"),s.doReload())}),(e=>{!s.quiet&&console.error("COOP/COEP Service Worker failed to register:",e)})):!s.quiet&&console.error("COOP/COEP Service Worker not registered, perhaps due to private mode."):!s.quiet&&console.log("COOP/COEP Service Worker not registered, a secure context is required."))})();
\ No newline at end of file
diff --git a/vue2-app/src/main.js b/vue2-app/src/main.js
index cb7140b..4c2e1f5 100644
--- a/vue2-app/src/main.js
+++ b/vue2-app/src/main.js
@@ -2,8 +2,10 @@ import Vue from 'vue';
 import App from './components/App';
 import Trame from './use';
 
+import vtkURLExtract from '@kitware/vtk.js/Common/Core/URLExtract';
+
 import { setAddAttachment } from './components/Connect/trame/decorators';
-import { handlePageUpdate, GLOBAL_VUE_OPTIONS } from './components/Connect/trame/state';
+import { handlePageUpdate, loadScript, GLOBAL_VUE_OPTIONS } from './components/Connect/trame/state';
 import wslink from './components/Connect/wslink';
 
 const DEFAULT_CONNECTION_NAME = 'TrameConnect';
@@ -61,4 +63,11 @@ async function initializeApplication(Vue) {
   }).$mount('#app');
 }
 
+// Initialize service worker to override headers for SharedArrayBuffer
+// > Cross-Origin-Opener-Policy: same-origin
+// > Cross-Origin-Embedder-Policy: require-corp
+if (!vtkURLExtract.extractURLParameters().disableSharedArrayBuffer) {
+  loadScript('coi-serviceworker.min.js');
+}
+
 initializeApplication(Vue);
diff --git a/vue3-app/public/coi-serviceworker.min.js b/vue3-app/public/coi-serviceworker.min.js
new file mode 100644
index 0000000..117f9f8
--- /dev/null
+++ b/vue3-app/public/coi-serviceworker.min.js
@@ -0,0 +1,2 @@
+/*! coi-serviceworker v0.1.7 - Guido Zuidhof and contributors, licensed under MIT */
+let coepCredentialless=!1;"undefined"==typeof window?(self.addEventListener("install",(()=>self.skipWaiting())),self.addEventListener("activate",(e=>e.waitUntil(self.clients.claim()))),self.addEventListener("message",(e=>{e.data&&("deregister"===e.data.type?self.registration.unregister().then((()=>self.clients.matchAll())).then((e=>{e.forEach((e=>e.navigate(e.url)))})):"coepCredentialless"===e.data.type&&(coepCredentialless=e.data.value))})),self.addEventListener("fetch",(function(e){const o=e.request;if("only-if-cached"===o.cache&&"same-origin"!==o.mode)return;const s=coepCredentialless&&"no-cors"===o.mode?new Request(o,{credentials:"omit"}):o;e.respondWith(fetch(s).then((e=>{if(0===e.status)return e;const o=new Headers(e.headers);return o.set("Cross-Origin-Embedder-Policy",coepCredentialless?"credentialless":"require-corp"),coepCredentialless||o.set("Cross-Origin-Resource-Policy","cross-origin"),o.set("Cross-Origin-Opener-Policy","same-origin"),new Response(e.body,{status:e.status,statusText:e.statusText,headers:o})})).catch((e=>console.error(e))))}))):(()=>{const e=window.sessionStorage.getItem("coiReloadedBySelf");window.sessionStorage.removeItem("coiReloadedBySelf");const o="coepdegrade"==e,s={shouldRegister:()=>!e,shouldDeregister:()=>!1,coepCredentialless:()=>!0,coepDegrade:()=>!0,doReload:()=>window.location.reload(),quiet:!1,...window.coi},r=navigator,t=r.serviceWorker&&r.serviceWorker.controller;t&&!window.crossOriginIsolated&&window.sessionStorage.setItem("coiCoepHasFailed","true");const i=window.sessionStorage.getItem("coiCoepHasFailed");if(t){const e=s.coepDegrade()&&!(o||window.crossOriginIsolated);r.serviceWorker.controller.postMessage({type:"coepCredentialless",value:!(e||i&&s.coepDegrade())&&s.coepCredentialless()}),e&&(!s.quiet&&console.log("Reloading page to degrade COEP."),window.sessionStorage.setItem("coiReloadedBySelf","coepdegrade"),s.doReload("coepdegrade")),s.shouldDeregister()&&r.serviceWorker.controller.postMessage({type:"deregister"})}!1===window.crossOriginIsolated&&s.shouldRegister()&&(window.isSecureContext?r.serviceWorker?r.serviceWorker.register(window.document.currentScript.src).then((e=>{!s.quiet&&console.log("COOP/COEP Service Worker registered",e.scope),e.addEventListener("updatefound",(()=>{!s.quiet&&console.log("Reloading page to make use of updated COOP/COEP Service Worker."),window.sessionStorage.setItem("coiReloadedBySelf","updatefound"),s.doReload()})),e.active&&!r.serviceWorker.controller&&(!s.quiet&&console.log("Reloading page to make use of COOP/COEP Service Worker."),window.sessionStorage.setItem("coiReloadedBySelf","notcontrolling"),s.doReload())}),(e=>{!s.quiet&&console.error("COOP/COEP Service Worker failed to register:",e)})):!s.quiet&&console.error("COOP/COEP Service Worker not registered, perhaps due to private mode."):!s.quiet&&console.log("COOP/COEP Service Worker not registered, a secure context is required."))})();
\ No newline at end of file
diff --git a/vue3-app/src/core/trame/setup.js b/vue3-app/src/core/trame/setup.js
index 6f16d86..4ef79a9 100644
--- a/vue3-app/src/core/trame/setup.js
+++ b/vue3-app/src/core/trame/setup.js
@@ -9,7 +9,7 @@
 
 var LOADED_URLS = [];
 
-function loadScript(url) {
+export function loadScript(url) {
   return new Promise(function (resolve, reject) {
     if (LOADED_URLS.indexOf(url) === -1) {
       LOADED_URLS.push(url);
@@ -25,7 +25,7 @@ function loadScript(url) {
   });
 }
 
-function loadScriptAsModule(url) {
+export function loadScriptAsModule(url) {
   return new Promise(function (resolve, reject) {
     if (LOADED_URLS.indexOf(url) === -1) {
       LOADED_URLS.push(url);
diff --git a/vue3-app/src/main.js b/vue3-app/src/main.js
index 53aaa02..5ba24d9 100644
--- a/vue3-app/src/main.js
+++ b/vue3-app/src/main.js
@@ -1,7 +1,7 @@
 import "./style.css";
 import vtkURLExtract from "@kitware/vtk.js/Common/Core/URLExtract";
 import wslink from "./core/wslink";
-import { handlePageResources } from "./core/trame/setup";
+import { handlePageResources, loadScript } from "./core/trame/setup";
 import { createTrameInstance } from "./core/trame";
 import TrameUse from "./use";
 
@@ -105,4 +105,11 @@ async function start() {
   app.mount("#app");
 }
 
+// Initialize service worker to override headers for SharedArrayBuffer
+// > Cross-Origin-Opener-Policy: same-origin
+// > Cross-Origin-Embedder-Policy: require-corp
+if (!vtkURLExtract.extractURLParameters().disableSharedArrayBuffer) {
+  loadScript("coi-serviceworker.min.js");
+}
+
 start();