Troubleshooting Secure Browser Controls

Customised Block Pages

If the page uses an imported block page, the custom document may not trigger agentless notifications. Check whether the page includes sw.js. If it does not, add the following line near the end of the document body. Then upload the document to the notification page again.

<script src="/mwg-internal/de5fs23hm64ds/files/javascript/sw.js" type="text/javascript"></script>

Inspect Transaction

• Check web access logs, DLP incident logs, browser DevTools console, and network traffic. Some websites use end-to-end encryption, so Skyhigh Web Gateway cannot inspect the transaction. If SWG does not block the transaction, no notification appears.
  
  Here is a sample of a standard Agentless Notification:
   
• 

Ensure Proper Execution of Agentless Notifications Code

• Check the browser devtools network flows for https://static.mwginternal.com/blockups.js. If the JavaScript file is not requested, it likely means the Skyhigh Web Gateway policy is not configured to inject JavaScript on this page, or the page request did not go through SWG.

• Check the browser console during page load for the message Skyhigh block listener initializing. If this message does not appear, it means the JavaScript was either not injected or did not run correctly, likely blocked by a new CSP permutation preventing our code from running.

• Check the browser console for errors from or reported against blockups.js. If errors or the browser reports are blocking the code due to a CSP issue, the iframe likely won't display.
  
  

Open a ticket

• Open the Developer Tools Console in your browser.
• Right-click on any message in the Console tab.
• Select Save As to save the console output.
• Switch to the Network tab in Developer Tools.
• Click the downward arrow icon (usually located at the top-right of the panel).
• Select Export HAR or Export HAR (sanitized), depending on your browser version.
• Provide the browser console (copy all) and the HAR file capturing from the initial page load to the failure to render.

Workaround

• Disable the Agentless Notifications for this site.

Issue: Blocked Content vs. Agentless Notifications

• Repeat the test with Agentless Notifications disabled for the site. Perform a full page reload (Ctrl+Shift+R) to remove the agentless injection from the cache. Many pages may exhibit unexpected behavior if network transactions are blocked, regardless of whether agentless notifications are present.

• Check the browser console for errors related to the Content Security Policy.
  Injecting JavaScript into the original page requires carefully modifying the page’s Content Security Policy. This has been tested extensively, but modifications may still break the original page functionality.
  
  

Open a ticket

• Open the Developer Tools Console in your browser.
• Right-click on any message in the Console tab.
• Select Save As to save the console output.
• Switch to the Network tab in Developer Tools.
• Click the downward arrow icon (usually located at the top-right of the panel).
• Select Export HAR or Export HAR (sanitized), depending on your browser version.
• Provide browser console (copy all) and HAR file capturing from initial page load through to failure to render.

Workaround

• Disable the Agentless Notifications for this site.

Open a ticket

• Open the Developer Tools Console in your browser.
• Right-click on any message in the Console tab.
• Select Save As to save the console output.
• Switch to the Network tab in Developer Tools.
• Click the downward arrow icon (usually located at the top-right of the panel).
• Select Export HAR or Export HAR (sanitized), depending on your browser version.
• Provide browser console (copy all) and HAR file capturing from initial page load through to failure to render.

Workaround

• Disable the Agentless Notifications for this site.