diff --git a/fetch.bs b/fetch.bs
index 30dceaceb..aa06de423 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -1870,6 +1870,25 @@ source of security bugs. Please seek security review for features that deal with
  <a for="URL serializer"><i>exclude fragment</i></a> set to true.
 </ol>
 
+<p>To check <dfn export>Cross-Origin-Embedder-Policy allows credentials</dfn>, given a
+<a for=/>request</a> <var>request</var>, run theses steps:
+
+<ol>
+ <li><p>If <var>request</var>'s <a for=request>mode</a> is not <code>no-cors</code>", return
+ false.</p>
+
+ <li><p>If <var>request</var>'s <a for=request>client</a> is null, return false.</p>
+
+ <li><p>If <var>request</var>'s <a for=request>client</a>'s <a for="environment settings
+ object">embedder policy</a> is not "<code><a for="embedder policy
+ value">cors-or-credentialless</a></code>", return false.</p>
+
+ <li><p>If <var>request</var>'s <a for=request>origin</a> is not <a>same origin</a> with
+ <var>request</var>'s <a for=request>client</a>'s <a for="environment settings object">origin</a>,
+ return false.</p>
+
+ <li><p>Return true.</p>
+</ol>
 
 <h4 id=responses>Responses</h4>
 
@@ -3399,6 +3418,10 @@ Cross-Origin-Resource-Policy     = %s"same-origin" / %s"same-site" / %s"cross-or
  "<code><a for="embedder policy value">require-corp</a></code>", then set <var>policy</var> to
  `<code>same-origin</code>`.
 
+ <li><p>If <var>policy</var> is null, <var>embedderPolicyValue</var> is
+ "<code><a for="embedder policy value">cors-or-credentialless</a></code>", and
+ <var>forNavigation</var> is true, then set <var>policy</var> to `<code>same-origin</code>`.
+
  <li>
   <p>Switch on <var>policy</var>:
 
@@ -4549,6 +4572,10 @@ steps. They return a <a for=/>response</a>.
 
     <p>is true; otherwise false.
 
+   <li>
+    <p>If <a>Cross-Origin-Embedder-Policy allows credentials</a> with <var>request</var>, let
+    <var>includeCredentials</var> be false.</p>
+
    <li><p>Let <var>contentLength</var> be <var>httpRequest</var>'s <a for=request>body</a>'s
    <a for=body>length</a>, if <var>httpRequest</var>'s <a for=request>body</a> is non-null;
    otherwise null.
@@ -7720,6 +7747,7 @@ Arkadiusz Michalski,
 Arne Johannessen,
 Artem Skoretskiy,
 Arthur Barstow,
+Arthur Sonzogni,
 Asanka Herath,
 Axel Rauschmayer,
 Ben Kelly,