SalseForce Clickjack Protection Blocks HubSpot Visualforce Integration


As a technology company, we are very security conscious. If we enable clickjack protection for visualforce, we cannot use the HubSpot Intelligence tools in SalesForce. HubSpot should modify the integration settings so that it does not trigger clickjack. You can find the release notes on Clickjack protection here

1 Reply
Status updated to: Not Currently Planned
HubSpot Product Team

Hi all -- Salesforce's clickjack protection is an optional setting that prevents iframes from rendering if the iframe is served from a domain that's different than the salesforce organization's visualforce domain. HubSpot's visualforce pages, including the HubSpot Intelligence view, are served and maintained on HubSpot owned and controlled domains. This allows us to improve and maintain the pages without the need for package releases and updates.


We understand the importance of security to your business, so if you would like to use salesforce's clickjack protection, we recommend mapping the HubSpot properties to salesforce lead and contact fields. All of the information displayed within the visualforce pages can be synced directly to leads and contacts, so removing the visualforce pages won't limit any infromation from being viewed in salesforce.  

For instructions on mapping HubSpot properties to Salesforce fields, please refer to this help article or watch this tutorial: