Embedded Files
Overview
Global Web Exclusions allow administrators to bypass Secure Web inspection for specific trusted domains across the organization. This capability is essential for ensuring uninterrupted access to applications that rely on advanced encryption techniques such as certificate pinning or strict SSL/TLS validation.
By configuring Global Web Exclusions, Zaperon helps organizations balance security enforcement with application compatibility, ensuring business-critical services continue to function without disruption.
Why Global Web Exclusions Are Required?
Modern applications increasingly implement security mechanisms that can conflict with SSL inspection. One such mechanism is certificate pinning, where an application trusts only a specific certificate or public key.
When Secure Web inspection intercepts and re-signs encrypted traffic, certificate-pinned applications may fail to connect, causing login failures or broken functionality.
Global Web Exclusions prevent this by allowing direct, end-to-end encrypted communication for selected domains.
Common scenarios where exclusions are needed:
Certificate-pinned applications (messaging, conferencing, SaaS platforms)
Vendor-recommended inspection bypass
Applications that fail during SSL/TLS inspection
Critical business services requiring uninterrupted connectivity
In such cases, excluding these domains from SSL inspection prevents application failures, authentication issues, and connectivity errors.
Security Note: Excluded domains bypass Secure Web inspection. Only add exclusions for trusted and verified domains.
When to Use Global Web Exclusions vs SWG Policies?
Global Web Exclusions and Secure Web Gateway (SWG) policies serve different purposes and should be used accordingly.
Use Global Web Exclusions when:
An application uses certificate pinning
SSL inspection breaks application functionality
Vendor documentation recommends bypassing inspection
Use SWG Policies when:
You want to block or allow specific URLs
You need to control access by URL category
You require visibility and logging without bypassing inspection
→ Refer to Manage Secure Web Gateway (SWG) Policies
→ Refer to Create a SWG Policy to configure custom URL or category-based controls
Adding a Global Web Exclusion
1. To add a global web exclusions, go to Secure Web and click on + Global Web Exclusions button.
2. Enter the domain you want to exclude and click Add. The domain will appear in the exclusion list.
3. After adding domain to the list you will see save button will be enabled. click on Save to apply the Global Web Exclusion across the organization.
4. A confirmation message appears once the exclusion is successfully added.
Bypass criteria for Certificate-Pinned Applications
These domains belong to certificate-pinned applications and should be added as Global Web Exclusions to avoid SSL inspection–related access issues.
Managing and Removing Exclusions
Global Web Exclusions apply automatically across Secure Web policies once added.
You can review or remove exclusions at any time from the Global Web Exclusions page.
→ Refer to Delete Global Web Exclusions
Summary
Global Web Exclusions enable organizations to maintain application compatibility while enforcing strong Secure Web controls. By selectively bypassing inspection for trusted domains, Zaperon supports certificate-pinned applications, ensures business continuity, and aligns with industry-standard Secure Web Gateway practices.
Google Sites
Report abuse