diff --git a/CHANGELOG.md b/CHANGELOG.md
index 23dc34c37dc..58546a4344e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,9 @@
 * Accept the `--skip` flag with `wasm-bindgen-test-runner`.
 [#3803](https://github.com/rustwasm/wasm-bindgen/pull/3803)
+* Introduce environment variable `WASM_BINDGEN_TEST_NO_ORIGIN_ISOLATION` to disable origin isolation for `wasm-bindgen-test-runner`.
+ [#3807](https://github.com/rustwasm/wasm-bindgen/pull/3807)
+
 ### Changed
 * Stabilize `ClipboardEvent`.
diff --git a/crates/cli/src/bin/wasm-bindgen-test-runner/main.rs b/crates/cli/src/bin/wasm-bindgen-test-runner/main.rs
index fec449bb57e..88d5bc686d9 100644
--- a/crates/cli/src/bin/wasm-bindgen-test-runner/main.rs
+++ b/crates/cli/src/bin/wasm-bindgen-test-runner/main.rs
@@ -250,6 +250,7 @@ fn main() -> anyhow::Result<()> {
 &args,
 &tests,
 test_mode,
+ std::env::var("WASM_BINDGEN_TEST_NO_ORIGIN_ISOLATION").is_err(),
 )
 .context("failed to spawn server")?;
 let addr = srv.server_addr();
diff --git a/crates/cli/src/bin/wasm-bindgen-test-runner/server.rs b/crates/cli/src/bin/wasm-bindgen-test-runner/server.rs
index 8c7b8ae40fa..9c434a00010 100644
--- a/crates/cli/src/bin/wasm-bindgen-test-runner/server.rs
+++ b/crates/cli/src/bin/wasm-bindgen-test-runner/server.rs
@@ -17,6 +17,7 @@ pub(crate) fn spawn(
 args: &[OsString],
 tests: &[String],
 test_mode: TestMode,
+ isolate_origin: bool,
 ) -> Result Response + Send + Sync>, Error> {
 let mut js_to_execute = String::new();
@@ -291,7 +292,14 @@ pub(crate) fn spawn(
 "",
 )
 };
- return set_isolate_origin_headers(Response::from_data("text/html", s));
+
+ let mut response = Response::from_data("text/html", s);
+
+ if isolate_origin {
+ set_isolate_origin_headers(&mut response)
+ }
+
+ return response;
 }
 // Otherwise we need to find the asset here. It may either be in our
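Review bot: `std::env::var("WASM_BINDGEN_TEST_NO_ORIGIN_ISOLATION").is_err()` on the added argument line treats any Unicode value as "disable", so `WASM_BINDGEN_TEST_NO_ORIGIN_ISOLATION=0` or `=false` also switches the isolation headers off, while a non-Unicode value leaves them on because `env::var` returns `Err` for that case too. If presence alone is the intended switch, `std::env::var_os("WASM_BINDGEN_TEST_NO_ORIGIN_ISOLATION").is_none(),` states that directly. A short comment such as `// origin isolation stays on unless the variable is set (any value)` would make the inverted boolean readable at the call site. The call this argument belongs to starts above the hunk.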
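Review bot: When `isolate_origin` is false, the HTML response built here and the asset response in the `@@ -304,7 +312,10 @@` hunk are sent without `Cross-Origin-Opener-Policy` and `Cross-Origin-Embedder-Policy`, and nothing visible in the new code reports that the test page is no longer cross-origin isolated. The comment above `set_isolate_origin_headers` links to features that depend on that isolation, so a test relying on them would presumably fail with no hint that the environment variable is the cause; one message printed when the flag is off, before the server starts, would cover it. A style point in both hunks: the call inside the `if` has no terminating semicolon, and `set_isolate_origin_headers(&mut response);` reads as the statement it is. `spawn` begins and ends outside this hunk.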
@@ -304,7 +312,10 @@ pub(crate) fn spawn(
 // Make sure browsers don't cache anything (Chrome appeared to with this
 // header?)
 response.headers.retain(|(k, _)| k != "Cache-Control");
- set_isolate_origin_headers(response)
+ if isolate_origin {
+ set_isolate_origin_headers(&mut response)
+ }
+ response
 })
 .map_err(|e| anyhow!("{}", e))?;
 return Ok(srv);
@@ -346,7 +357,7 @@ pub(crate) fn spawn(
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy#certain_features_depend_on_cross-origin_isolation
 * https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html
 */
-fn set_isolate_origin_headers(mut response: Response) -> Response {
+fn set_isolate_origin_headers(response: &mut Response) {
 response.headers.push((
 Cow::Borrowed("Cross-Origin-Opener-Policy"),
 Cow::Borrowed("same-origin"),
@@ -355,6 +366,4 @@ fn set_isolate_origin_headers(mut response: Response) -> Response {
 Cow::Borrowed("Cross-Origin-Embedder-Policy"),
 Cow::Borrowed("require-corp"),
 ));
-
- response
 }