diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
new file mode 100644
index 00000000000000..bd3a55a2d8fdb0
--- /dev/null
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox-navigate.https.html
@@ -0,0 +1,39 @@
+<!doctype html>
+<title>CSP sandbox popup navigate to Cross-Origin-Opener-Policy document should work</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
+<div id=log>
+<script>
+[
+  "allow-popups allow-scripts allow-same-origin",
+  "allow-popups allow-scripts",
+].forEach(sandboxValue => {
+  async_test(t => {
+    const channel = new BroadcastChannel(token());
+    let popup;
+    channel.onmessage = t.step_func_done(e => {
+      assert_equals(e.data.name, '', 'e.data.name');
+      assert_false(e.data.opener, 'e.data.opener');
+      // `popup` is still the WindowProxy that holds the CSP sandbox document, not the
+      // after-navigation COOP document. The CSP sandbox only applies to the before navigation
+      // document/window.
+      assert_true(popup.closed, 'popup.closed');
+      // Same-origin check (with the CSP sandbox document) should not throw when 'allow-same-origin'
+      if (sandboxValue.includes('allow-same-origin')) {
+        assert_true(!!popup.document, 'same-origin check');
+      } else {
+        assert_throws_dom("SecurityError", () => { popup.document; }, 'same-origin check');
+      }
+    });
+    const navigateTo = `/html/cross-origin-opener-policy/resources/coop-coep.py?coop=same-origin&coep=&channel=${channel.name}`;
+    popup = window.open(`resources/csp-sandbox.py?coop=&coep=&sandbox=${sandboxValue}&channel=&navigate=${encodeURIComponent(navigateTo)}`, sandboxValue.replace(/ /g, '_'));
+    t.add_cleanup(() => { popup.close(); });
+    addEventListener('load', t.step_func(() => {
+      t.step_timeout(() => {
+        assert_unreached('Navigation from CSP sandbox to COOP document failed')
+      }, 1500);
+    }));
+  }, `CSP: sandbox ${sandboxValue}; ${document.title}`);
+});
+</script>
diff --git a/html/cross-origin-opener-policy/coop-csp-sandbox.https.html b/html/cross-origin-opener-policy/coop-csp-sandbox.https.html
new file mode 100644
index 00000000000000..259d484df2cbf7
--- /dev/null
+++ b/html/cross-origin-opener-policy/coop-csp-sandbox.https.html
@@ -0,0 +1,24 @@
+<!doctype html>
+<title>CSP sandboxed Cross-Origin-Opener-Policy popup should result in a network error</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/utils.js"></script> <!-- Use token() to allow running tests in parallel -->
+<div id=log>
+<script>
+[
+  "allow-popups allow-scripts allow-same-origin",
+  "allow-popups allow-scripts",
+].forEach(sandboxValue => {
+  async_test(t => {
+    const channel = new BroadcastChannel(token());
+    channel.onmessage = t.unreached_func("A COOP popup was created from a CSP-sandboxed popup");
+    const popup = window.open(`resources/csp-sandbox.py?coop=same-origin&coep=&sandbox=${sandboxValue}&channel=${channel.name}`);
+    t.add_cleanup(() => { popup.close(); });
+    addEventListener('load', t.step_func(() => {
+      t.step_timeout(() => {
+        t.done()
+      }, 1500);
+    }));
+  }, `CSP: sandbox ${sandboxValue}; ${document.title}`);
+});
+</script>
diff --git a/html/cross-origin-opener-policy/resources/common.js b/html/cross-origin-opener-policy/resources/common.js
index 5a1744cd9ceaa4..18656cd9e6e1e9 100644
--- a/html/cross-origin-opener-policy/resources/common.js
+++ b/html/cross-origin-opener-policy/resources/common.js
@@ -102,3 +102,17 @@ function run_coop_test_iframe (documentTitle, iframe_origin, popup_origin, popup
       document.body.append(frame);
   }, `${documentTitle} with ${iframe_origin.name} iframe opening popup a ${popup_origin.name} with COOP: ${format_value(popup_coop)}`);
 }
+
+// Wait until the page is fully loaded before navigating
+// so that it creates a history entry properly.
+function fullyLoaded() {
+  return new Promise((resolve, reject) => {
+    addEventListener('load', () => {
+      requestAnimationFrame(() => {
+        requestAnimationFrame(() => {
+          resolve();
+        });
+      });
+    });
+  });
+}
diff --git a/html/cross-origin-opener-policy/resources/coop-coep.py b/html/cross-origin-opener-policy/resources/coop-coep.py
index 285b961e996917..04b673bf2d9732 100644
--- a/html/cross-origin-opener-policy/resources/coop-coep.py
+++ b/html/cross-origin-opener-policy/resources/coop-coep.py
@@ -26,29 +26,19 @@ def main(request, response):
 <!doctype html>
 <meta charset=utf-8>
 <script src="/common/get-host-info.sub.js"></script>
-<body></body>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<body>
 <script>
   const params = new URL(location).searchParams;
   const navHistory = params.get("navHistory");
   const avoidBackAndForth = params.get("avoidBackAndForth");
   const navigate = params.get("navigate");
-  // Need to wait until the page is fully loaded before navigating
-  // so that it creates a history entry properly.
-  const fullyLoaded = new Promise((resolve, reject) => {
-    addEventListener('load', () => {
-      requestAnimationFrame(() => {
-        requestAnimationFrame(() => {
-          resolve();
-        });
-      });
-    });
-  });
   if (navHistory !== null) {
-    fullyLoaded.then(() => {
+    fullyLoaded().then(() => {
       history.go(Number(navHistory));
     });
   } else if (navigate !== null && (history.length === 1 || !avoidBackAndForth)) {
-    fullyLoaded.then(() => {
+    fullyLoaded().then(() => {
       self.location = navigate;
     });
   } else {
@@ -74,4 +64,5 @@ def main(request, response):
     document.body.appendChild(iframe);
   }
 </script>
+</body>
 """
diff --git a/html/cross-origin-opener-policy/resources/csp-sandbox.py b/html/cross-origin-opener-policy/resources/csp-sandbox.py
new file mode 100644
index 00000000000000..ed415c431eca42
--- /dev/null
+++ b/html/cross-origin-opener-policy/resources/csp-sandbox.py
@@ -0,0 +1,29 @@
+def main(request, response):
+    coop = request.GET.first(b"coop")
+    coep = request.GET.first(b"coep")
+    sandbox = request.GET.first(b"sandbox")
+    if coop != "":
+        response.headers.set(b"Cross-Origin-Opener-Policy", coop)
+    if coep != "":
+        response.headers.set(b"Cross-Origin-Embedder-Policy", coep)
+    response.headers.set(b"Content-Security-Policy", b"sandbox " + sandbox + b";")
+
+    # Open a popup to coop-coep.py with the same parameters (except sandbox)
+    response.content = b"""
+<!doctype html>
+<meta charset=utf-8>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/html/cross-origin-opener-policy/resources/common.js"></script>
+<script>
+  const params = new URL(location).searchParams;
+  params.delete("sandbox");
+  const navigate = params.get("navigate");
+  if (navigate) {
+    fullyLoaded().then(() => {
+      self.location = navigate;
+    });
+  } else {
+    window.open(`/html/cross-origin-opener-policy/resources/coop-coep.py?${params}`);
+  }
+</script>
+"""