Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Protect Context Menu

  1. Last updated
  2. Save as PDF

This topic provides an overview of Context Menu Protection ruleset designed to prevent content exfiltration from browsers, along with common use cases. It disables the right-click menu to prevent the use of actions that might expose sensitive data.

These policies provide stronger control over sensitive content, especially in applications where copying must be restricted.

Use Case:  Prevent Sensitive Data Exfiltration 

A financial services company wants to stop employees from copying confidential client information from a browser‑based CRM. When Context Menu Protection is enabled, right‑click options such as Copy or Save As are disabled, right-click options, such as Copy, Copy link to highlight, Search Google for, Print, Open in reading mode, Translate selection, or Inspect options are also disabled, reducing the risk of data leakage:

clipboard_e1a15803a50ffb00ee33ae4c3fdcd6142.png

To Add Context Menu Protection Ruleset:

  1. Navigate to Policy Web Policy > Policy.
    The Web Policy window opens.
  2. Click the Secure Browser Controls ruleset.
  3. Click the three‑dot menu and under the Add New Ruleset pop-up, select From Library.
    The Select Library Rulesets pop-up displays.

    clipboard_ef85b4b91060b65a2d1fd1f3e20fe2a19.png
     
  4. In the Secure Browser Controls ruleset list, check the Context Menu Protect box.
  5. Click Add.
    The Context Menu Protect rule is added under the Secure Browser Controls ruleset:

    clipboard_eaf9817ec18343bf2ab93fdac3dfc167d.png
     
  6. In the left navigation panel, click the Text Download Protection rule.
  7. Toggle the On/Off button to enable the rule.
  8. Click the yellow badge to publish.

NOTE: Scope the rule to specific sites or groups of sites where protection is required. Blocking text extraction from every site may reduce usability.

You can apply these rule sets to:

  • All traffic
  • Any subset of sites or users using normal SWG scoping criteria sites matching one of the exclusions lists will automatically have this feature disabled.
  • Default site exclusions (maintained within the system)
  • User‑defined site exclusions (custom lists maintained)

Default site exclusions are maintained by Skyhigh to cover sites where the feature has been found to be problematic, and administrators can add their own exclusions as needed to the user defined site exclusions list. This flexibility enables you to block context menu actions globally, or only for specific sites.

When policies are applied Right‑click actions trigger a standard block page. You can customize messages to align with organizational requirements.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.