diff --git a/dockerfiles/nginx/proxito.conf.template b/dockerfiles/nginx/proxito.conf.template
index 359935ce630..76409641915 100644
--- a/dockerfiles/nginx/proxito.conf.template
+++ b/dockerfiles/nginx/proxito.conf.template
@@ -114,6 +114,7 @@ server {
 add_header X-Content-Type-Options $x_content_type_options always;
 # https://docs.djangoproject.com/en/4.2/ref/middleware/#cross-origin-opener-policy
+ proxy_hide_header Cross-Origin-Opener-Policy;
 set $cross_origin_opener_policy $upstream_http_cross_origin_opener_policy;
 add_header Cross-Origin-Opener-Policy $cross_origin_opener_policy always;
diff --git a/readthedocs/projects/migrations/0159_add_header_cross_origin_opener_policy.py b/readthedocs/projects/migrations/0159_add_header_cross_origin_opener_policy.py
new file mode 100644
index 00000000000..f3584bf2a2e
--- /dev/null
+++ b/readthedocs/projects/migrations/0159_add_header_cross_origin_opener_policy.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.2.8 on 2026-02-14 02:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("projects", "0158_add_search_subproject_filter_option"),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name="httpheader",
+ name="name",
+ field=models.CharField(
+ choices=[
+ ("access_control_allow_origin", "Access-Control-Allow-Origin"),
+ ("access_control_allow_headers", "Access-Control-Allow-Headers"),
+ ("access_control_expose_headers", "Access-Control-Expose-Headers"),
+ ("content_security_policy", "Content-Security-Policy"),
+ ("cross_origin_opener_policy", "Cross-Origin-Opener-Policy"),
+ ("feature_policy", "Feature-Policy"),
+ ("permissions_policy", "Permissions-Policy"),
+ ("referrer_policy", "Referrer-Policy"),
+ ("x_frame_options", "X-Frame-Options"),
+ ("x_content_type_options", "X-Content-Type-Options"),
+ ],
+ max_length=128,
+ ),
+ ),
+ ]
diff --git a/readthedocs/projects/models.py b/readthedocs/projects/models.py
index 7e9d0ee85b2..4acfeb45517 100644
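Review bot: In dockerfiles/nginx/proxito.conf.template, the added `proxy_hide_header Cross-Origin-Opener-Policy;` has no comment saying why the upstream header is hidden and then re-emitted by the `add_header` two lines below; the only comment there is the Django docs link. Presumably the aim is to stop the client receiving the header twice, so I would add `# Hide the upstream copy so only the add_header below emits Cross-Origin-Opener-Policy (avoids a duplicate header).` It is also worth confirming the directive is in effect wherever the upstream response is proxied: nginx inherits `proxy_hide_header` from an outer level only when the inner level defines none of its own, so a `location` that declares its own `proxy_hide_header` would still pass the upstream copy through. The enclosing block starts and ends outside the hunk, so I cannot tell from here whether any location does that.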
--- a/readthedocs/projects/models.py
+++ b/readthedocs/projects/models.py
@@ -2028,6 +2028,7 @@ class HTTPHeader(TimeStampedModel, models.Model):
 ("access_control_allow_headers", "Access-Control-Allow-Headers"),
 ("access_control_expose_headers", "Access-Control-Expose-Headers"),
 ("content_security_policy", "Content-Security-Policy"),
+ ("cross_origin_opener_policy", "Cross-Origin-Opener-Policy"),
 ("feature_policy", "Feature-Policy"),
 ("permissions_policy", "Permissions-Policy"),
 ("referrer_policy", "Referrer-Policy"),