What is the impact of enabling Salesforce.com Clickjack protection

Clickjacking is a type of attack that tries to trick a user into clicking something, maybe a button or link, because they perceive they are clicking something safe. Instead, the button or link performs malicious actions on your site leading to data intrusion, unauthorized emails, changed credentials, or other site-specific actions.

Clickjack protection settings can potentially impact Acoustic Campaign Contact Insight® functionality in Salesforce.com. It has been tested and confirmed that the default enablement of the Clickjack protection support will have no detrimental impact on the display of Contact Insight in the Leads and Contacts pages. However, your Leads and Contacts pages will not work correctly when 'Enable clickjack protection for customer Visualforce pages with standard headers is selected.

There are two options to work around this issue:

  1. If you do not require Contact Insight to be visible in Salesforce, we recommend you remove the Contact Insight panel (SP_EngageMashupLead or SP_EngageMashupContact) from the page layouts for Lead and Contact as a temporary measure.
  2. If you do require Contact Insight in Salesforce, we recommend you do not activate the option for Enable clickjack protection for customer Visualforce pages with standard headers.

For more information about Salesforce Clickjack Protection, please consult with your Salesforce.com Administrator.