On a server (that's running Apache) where I have a hosting account, I solved that by using this .htaccess file:
Header set Cross-Origin-Opener-Policy "same-origin"
Header set Cross-Origin-Embedder-Policy "require-corp"
There are other ways of providing those headers, such as PHP or Javascript. And in Godot, there's a setting Project >> Export... >> Web >> Options >> HTML >> Head Include, which might be used for that purpose, but I'm not sure.
But Godot 4 HTML5 requires HTTPS, and I haven't purchased a security certificate for my domain, so users get a scary warning message about the missing certificate.
On itch.io, those headers are provided if you check the "SharedArrayBuffer support" box when uploading your game. And itch.io has its own security certificate, so users don't get the warning message.