Administrators can enforce enhanced access security policies for secure access to web or SaaS apps. Admins can restrict actions such as restricted printing, downloads, and clipboard access (copy-paste), and so on. For more information, see Get started with Citrix Secure Private Access. The policies are applied on a per-app and per-URL basis.

Admins must specify the content access settings in the Citrix Secure Private Access service to control the following policies:

Secure Private Access:

  • Restrict clipboard access: Disables cut, copy, and paste operations between the app and the endpoint’s clipboard.

    Clipboard access Restricted

  • Restrict printing: Disables the ability to print from within the app.

    Printing restricted

  • Restrict downloads: Disables the ability to download from within web and SaaS apps or copy files from the browser.

    Download restricted

  • Display watermark: Overlays a screen-based watermark that shows the user name and public IP address of the endpoint.


The Restrict navigation option isn’t supported.

App protection policies:

App protection policies aren’t supported on devices running Windows 11.

  • Restrict keylogging: Protects users from keyloggers.

  • Restrict screen capturing: Disables capturing screenshots or screen recording for the app that this policy is applied to. This policy is applied as long as a protected tab is visible (not minimized) in your browser window.


The app opens in the Citrix Workspace Browser, if you have applied enhanced security features such as restriction or watermark through the Secure Workspace App panel when deploying SaaS apps.

If no additional security features are applied, the app opens in the native browser.


In this article