          Apply Clickjack Protection to Less Common Browsers


          To help protect your users against clickjacking attacks, Salesforce applies the Content-Security-Policy: frame-ancestors HTTP header directive to the pages that Salesforce serves when that directive is supported. To extend clickjack protection to more users, include that directive in the rare cases when Salesforce can’t identify whether the requesting app or specialized browser supports the directive.

          Required Editions

          Available in: both Salesforce Classic and Lightning Experience
          Available in: Contact Manager, Group, Professional, Enterprise, Performance, Unlimited, and Developer Editions
          User Permissions Needed
          To modify session security settings: Customize Application

          The supported browsers and devices for Salesforce Lightning Experience and Salesforce Classic support the required HTTP header directive for clickjacking protection. We recommend that you enable this feature only if your users access Salesforce via unsupported apps or specialized browsers with unclear support for Content-Security-Policy: frame-ancestors.

          Warning: When this option is enabled, users who access Salesforce via an app or browser that doesn’t support the Content-Security-Policy: frame-ancestors directive can experience errors if that lack of support is unclear. We encourage you to test this feature in a sandbox via your users’ apps and browsers. Then weigh the benefit of the additional clickjack protection against the errors that users can experience.
          1. From Setup, in the Quick Find box, enter Session Settings, and then select Session Settings.
          2. In the Content Security Policy (CSP) Directive Rendering section, select Apply CSP directives for less common browsers, and then save your changes.
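
          When testing in a sandbox, one way to confirm which clients actually receive the directive is to capture the response headers each client gets and check them for an enforced frame-ancestors policy. The Python below is an added example, not Salesforce code; the function names and the two sample header captures are constructed for illustration.

```python
# Constructed sample captures (not real Salesforce responses): response header
# lists as recorded from two different clients during sandbox testing.
CAPTURE_SUPPORTED_BROWSER = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Content-Security-Policy", "upgrade-insecure-requests; frame-ancestors 'self'"),
]
CAPTURE_SPECIALIZED_CLIENT = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Content-Security-Policy-Report-Only", "frame-ancestors 'self'"),
]


def parse_policies(header_value):
    """Split one header value into policies (comma) and directives (semicolon)."""
    policies = []
    for raw_policy in header_value.split(","):
        directives = {}
        for raw_directive in raw_policy.split(";"):
            tokens = raw_directive.split()
            if not tokens:
                continue
            # Directive names are case-insensitive; CSP keeps the first
            # occurrence of a directive and ignores later repeats.
            directives.setdefault(tokens[0].lower(), tokens[1:])
        if directives:
            policies.append(directives)
    return policies


def frame_ancestors_sources(headers):
    """Return one source list per enforced policy that sets frame-ancestors."""
    found = []
    for name, value in headers:
        # Report-Only policies are not enforced, so they give no protection.
        if name.lower() != "content-security-policy":
            continue
        for policy in parse_policies(value):
            if "frame-ancestors" in policy:
                found.append(policy["frame-ancestors"])
    return found


def verdict(headers):
    """Classify a capture as 'missing', 'unrestricted' or 'restricted'."""
    sources = frame_ancestors_sources(headers)
    if not sources:
        return "missing"
    # Every enforced policy must allow the embedder, so one strict policy suffices.
    return "unrestricted" if all("*" in s for s in sources) else "restricted"
```

          A capture that returns "missing" for a specialized client before the setting is enabled, and "restricted" afterward, shows the option taking effect for that client.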
           