On May 24, 2021, Twilio is implementing a new Content-Security-Policy header on all twilio.com pages pages to prevent them from being viewed in a frame. This guide explains why we're making this change, and what differences users may see going forward.
For full details, see Twilio Is Implementing Content Security Policy (Twilio Blog).
What is a Frame, and why are we blocking it?
Third party sites may use iFrameOptions
or other framing methodologies to display a different web page within their own site. This "frame" can allow malicious actors to harvest customer data, posing an unnecessary risk for Twilio customers accessing Console in this manner. As a security precaution, Twilio is implementing a Content Security Policy header to block all third party framing of twilio.com sites, including our Console account management site.
What do I need to do?
After this change, any third party sites that allow you to view twilio.com sites from a frame will no longer work. Users can view this content directly at www.twilio.com.