1) NoScript Options > Advanced, enable Cross-tab identity leak protection everywhere
2) in Per-site Permissions, set to TRUSTED:
3) visit https://flathub.org/home
4) click e.g. the listing for Google Chrome
5) middle-click the "See details" link under "Publisher" to open it in new tab
Actual results: Clicking several same-origin links on the Github tab will eventually make the cross-tab identity leak protection trip on one of these same-origin link loads. It seems random when this happens.