Page Security Rules
Page security rules allow you to block services from accessing cookies, storage, forms, and user input fields. Use page security rules to protect your customers' sensitive information like credit card details, passwords, and addresses. Your sales engineer will work with you to create page security rules using the Create Security Rule slider, where you select which page elements you want to block access to and which third parties you want to block or allow.
We recommend that you create page security rules for:
| Checkout Pages |
We recommend that you use a Content Security Policy to only allow six or fewer third parties to access your checkout pages as a best practice. Then use page security rules to block those third parties from accessing form fields and user inputs. We also recommend blocking access to cookies and storage on these pages. |
| Administration and Account Pages | We recommend following a similar practice to checkout pages. Seriously limit the third parties that can access these pages using a content security policy. Then use page security rules to block all access to forms, user inputs, cookies, and storage. |
| Login Fields | Use page security rules to block access to login fields even for third parties that you want to be able to access most of your site's pages. We also recommend that you block access to storage and cookies on all your site's pages. |
| Email Sign-Up Form Fields | Use page security rules to block access to login fields even for third parties that you want to be able to access most of your site's pages. We also recommend that you block access to storage and cookies on all your site's pages. |
First create each rule in report-only mode for testing. Then change the rules to enforce mode by editing the rule on the rule on the Security Rules page.
You must create separate rules for each type of data you want to block access to. For example, if you want to block Facebook's access to form fields, user inputs, cookies, and storage on your checkout pages, you must create four separate page security rules to do so.