Cobrowse Security and Integrity
The Glance Cobrowse Service allows one or more customer service agents to view, in real time, the web browsing activity of visitors to a website. Agents see exactly what visitors see in their browsers, with the exception of the contents of designated masked fields, such as a credit card number or password.
This document outlines the mechanisms that guarantee security and integrity specifically of the Glance cobrowse service. Security of the Glance website, database infrastructure, and Glance login and account management is covered in the general Glance security whitepaper.
For definitions of terms, please see the glossary.
The Glance Cobrowse service relies on a
<script> tag embedded in each page of your website.
your website visitors want them.
All visitor-initiated Cobrowse sessions require a way for the visitor to obtain the
Session keys are often hard-to-guess numbers like 65432.
unique session key
to share with the agent. The agent needs the key to join the session.
At Glance, we recommend using an HTML element, typically a button on the page.
For more information, please see Create and Add a Cobrowse Button.
Alternatively, you can allow the visitor to generate a session key with a hot-key combination such as
NOTE: We suggest you use an HTML element to initiate sessions, because visitors on mobile browsers cannot use hot-key combinations. And, some website visitors may struggle with certain hot-keys.
Content Security Policy (CSP)
If your website uses Content Security Policy (CSP) headers, they may need to be modified to allow your visitors to use Cobrowse sessions. See the CSP Headers section for modifying CSP headers.
If a customer disallows unsafe-inline styles, Cobrowse will continue to work as expected. However, you may see CSP violation warnings in the console that reference
unsafe-inline styles being blocked, these are harmless and can be ignored.
Cobrowse Session Workflow
Refer to Security Architecture for a step-by-step breakdown of the Cobrowse Session Workflow.
Agent Group Policies
If your organization’s agents use Microsoft Edge,
you may have Group Policy Manager settings in place.
If so, please ensure that your agents' Trusted Sites include
to ensure your agents can connect to cobrowse sessions.
Field Masking (optional)
You may prevent sensitive visitor information from being shown to your agents while cobrowsing. For example, you may conceal your visitors' payment card numbers or taxpayer ID numbers from your agents. Use Field Masking to do this.
You can add an HTML attribute or class to each object you wish to mask. Or, you can identify them via CSS selectors in the Glance Admin Portal. You may find more information about masking here.
To ensure your agents can connect and cobrowse properly with your visitors, your network team may need to place Glance’s URLs and IP addresses on your firewall's allow-lists.
Glance Cobrowse needs access to these URLs:
If your network team requires specific blocks of IP addresses, contact Glance support (email@example.com) for a list of ranges and ports.
The types of connections we use and their ports are:
If your agents have trouble accessing Glance Cobrowse services contact Glance support (firstname.lastname@example.org).