When to Enable Lightning Web Security

Use this table to determine whether to enable Lightning Web Security in your production org, based on the type of components present in your org.

New orgs have Lightning Web Security enabled by default. If you plan to populate a new org with pre-existing or packaged Lightning web components, be sure to test first in a sandbox environment with LWS enabled. For more information, see Workflow to Try Your LWCs with Lightning Web Security.

If Experience Cloud is used in your org, see Experience Builder Sites and LWS before enabling LWS.

To determine the type of components that are present in your org, see Which Components Are Supported by Lightning Web Security.

Components in Org	OK to Enable LWS in Production?	Testing Approach
No components	Yes	Testing isn’t needed because LWS has no effect if there are no components in your org. However, testing a new release is always recommended in sandbox orgs.
LWC only	Yes, after testing in sandbox	We strongly recommend that you try Lightning Web Security in a sandbox staging environment for your org first. See Workflow to Try Your LWCs with Lightning Web Security. If testing shows your components are working well in the sandbox org, turn it on in a production org. If issues arise, you can easily return to using Lightning Locker for Lightning components by deselecting the LWS setting.
Aura and LWC	Yes, after testing in sandbox	We strongly recommend that you try Lightning Web Security in a sandbox staging environment for your org first. See Workflow to Try Your LWCs with Lightning Web Security. If testing shows your components are working well in the sandbox org, turn it on in a production org. If issues arise, you can easily return to using Lightning Locker for Lightning components by deselecting the LWS setting. If your org had the LWS setting enabled before Spring ’23 and your org contains custom Aura components, the LWS setting remains enabled and continues to affect only your Lightning web components. Your org was excluded from the LWS for Aura beta, so it didn’t affect your Aura components in Spring ’23. In Summer ’23, if your org was previously excluded from LWS for Aura, LWS remains enabled and continues to affect only Lightning web components. The goal of our gradual LWS rollout is to start with orgs that aren’t expected to be affected by LWS and to eventually enable LWS for all orgs. The exclusion of some orgs from LWS for Aura applies to production orgs only. LWS for Aura is enabled in Summer ’23 sandboxes for orgs that are excluded, so that you can start testing your Aura components.
Aura only	Yes, after testing in sandbox	We strongly recommend that you try Lightning Web Security in a sandbox staging environment for your org first. See Workflow to Try Your LWCs with Lightning Web Security. The same workflow applies to Aura components too. If testing shows your components are working well in the sandbox org, turn it on in a production org. If issues arise, you can easily return to using Lightning Locker for Lightning components by deselecting the LWS setting.