Citrix Secure Private Access™ Hybrid Deployment

Browser policies

April 29, 2026

Contributed by:

Citrix Secure Private Access supports security policies that are delivered to and enforced by the Citrix Secure Access browser extension for Google Chrome Enterprise Premium (CEP). You can configure these policies from the Secure Private Access admin console (Policies > Browser policies). Administrators can add policies based on context and assign priority order for evaluation.

Supported deployments:

Browser policies are supported for both hybrid and service-based Secure Private Access deployments with Chrome Enterprise Premium (CEP).

Policy evaluation:

Browser policies are evaluated using the following rules:

Policies are evaluated in the priority order, where the lowest number indicates the highest priority.
The first policy that matches the current user’s conditions is applied.
If no policy matches, no browser security controls are enforced.
User identity is determined from the authenticated session established through the CEP Partner Connector. The identity in the request payload is not used for evaluation.

Verify browser policy enforcement:

To confirm that anti-keylogging policies are delivered and enforced:

Sign in to a CEP-managed endpoint where a browser policy is expected to apply.
Open a web application published through Secure Private Access.
Verify that the Citrix native agent indicator appears, confirming that anti-keylogging is active.
If the policy is not applied, check the following:
- The browser extension is installed and enabled.
- The Citrix native agent is installed on the endpoint.
- The CEP Partner Connector is operational.
- The user is a member of a group matched to a configured policy.
- For hybrid deployments, ensure that the Secure Private Access plug-in is communicating with Citrix Cloud and that configuration synchronization is current.

Configure a browser policy in the Secure Private Access admin console:

Log in to the Secure Private Access admin console.
Go to Policies > Browser Policies.
Click Create browser policy and then select the required setting.
Click Next.
Choose a condition for the policy.
Click Next.
Enter a policy name and a brief description.
Click Save.

Modify the browser policy priority:

You can change browser policy priority from the Browser Policy page. Lower numbers indicate higher priority. After you change a policy’s priority, the change takes effect the next time the Citrix Secure Access browser extension requests a policy update from the Secure Private Access service.

Note:

If multiple policies match a user, the policy with the highest priority (lowest number) is applied. Only one policy is active per user at any given time.

Browser policy priority

Edit a browser policy:

Navigate to Secure Private Access > Policies > Browser Policies.
Click the edit icon for the policy you want to modify.
Modify the policy settings.
Click Save.

Delete a browser policy:

Navigate to Secure Private Access > Policies > Browser Policies.
Click the delete icon for the policy you want to remove.
Click Delete and confirm the action.

Note:

Deleting a policy does not immediately stop enforcement on user endpoints. The change takes effect when the browser extension next requests a policy update.

Anti-keylogging with Citrix Secure Access

Cybercriminals use malicious software such as keyloggers to steal sensitive information, including passwords, credit card numbers, and confidential company data.

The Citrix Secure Access browser extension for Chrome Enterprise Premium (CEP) supports anti-keylogging to help protect your data. This feature scrambles keystrokes so that if a malicious program attempts to capture typed input, it records only unreadable characters while the actual text is securely delivered to your work applications.

Prerequisites:

Ensure that the following prerequisites are met before enabling anti-keylogging:

CWA version 2603 and later is installed.
Integration between Citrix Secure Access and Chrome Enterprise Premium (CEP) is complete.

Configure the anti-keylogging policy:

Log in to the Secure Private Access admin console.
Go to Policies > Browser Policies, and then click Create browser policy.
Select Anti-keylogging, and then click the edit icon to enable it.
Click Next.
Choose a condition for the policy.
Click Next.
Enter a policy name and a brief description.
Click Save.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Browser policies

April 29, 2026

Contributed by:

April 29, 2026

Contributed by:

Browser policies

Anti-keylogging with Citrix Secure Access

In this article