Enable Lightning Web Security

Test Lightning Web Security in a sandbox environment first and then in production.

New orgs have Lightning Web Security for Lightning web components and Aura components enabled by default. If you plan to populate a new org with pre-existing or packaged Lightning web components, be sure to test first in a sandbox environment with LWS enabled. For more information, see Workflow to Try Your LWCs with Lightning Web Security.

For information about scratch orgs, see Enable and Disable LWS in Scratch Orgs.

Before enabling, see When to Enable Lightning Web Security to determine whether to enable it in your production org.

To use Lightning Web Security in an org:

  1. From Setup, in the Quick Find box, enter Session, and then select Session Settings.
  2. On the Session Settings page, select Use Lightning Web Security for Lightning web components and Aura components and save.
  3. Clear your browser cache after enabling or disabling Lightning Web Security to ensure the correct files are loaded in the browser. If you suspect that the correct security architecture is not in effect, see Delayed Enabling or Disabling of LWS.

Session Settings page with Lightning Web Security selected

To report issues, give feedback, or ask questions about Lightning Web Security, go to the Lightning Components Development group on Trailhead.

LWS relies on Stricter CSP to fully implement its security measures. We strongly advise that you keep the Enable Stricter Content Security Policy setting switched on when LWS is enabled.

See Also