Currently, FortiClient EMS offers an option under the 'Web Filter' profile that enables the FortiClient plugin for web filtering when navigating in private/incognito mode. However, enabling this option does not force the web filter plugin to enable and run automatically when the user opens a private window or tab in the browser. Starting from FortiClient EMS releases 7.2.10+ and 7.4.4, the Web Filter profile includes an option that requires users to enable the extension in the web browser's Incognito mode, following the steps in 'Troubleshooting Tip: Allow inPrivate or incognito windows when a web browser plugin for web filtering is enabled'.
To enable this feature, users must authorize the WebFilter plugin in the browser’s Incognito mode by selecting 'Allow in private'. Otherwise, a pop-up message will persist until the permission is granted.
This relates to an ongoing movement in browser development toward making extension monitoring and permissions more transparent to users, especially around private/incognito browsing.
Browsers like Google Chrome, Mozilla Firefox and Microsoft Edge treat Incognito/Private mode as a special privacy boundary. Extensions are disabled by default in Incognito mode because they can monitor browsing activity, inject scripts, inspect traffic, capture URLs, or collect credentials.
This is why, by design, FortiClient does not have the ability to automatically enable this feature in users' browsers in Private/Incognito mode; it keeps informing the user that it needs to be enabled until this is done.
This is not an application bug, but rather a design limitation.
Chrome explicitly prevents administrators and extensions from silently enabling Incognito access. Only the user may enable it manually. See Extensions in Incognito mode for further information about the relevant limitations.
This is intentional because a malicious extension, corporate spyware, credential stealers, or adware could silently monitor 'private' sessions without the user realizing it.
Recommendations: Notify users before enabling the option 'Enforce Web Filter plugin permission in private browsing', since it requires a manual action from each user. Alternatively, disable Incognito entirely through GPO/MDM instead of trying to force extensions into Incognito mode.
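As an added illustration of the second recommendation (not part of the original article and not a FortiClient feature), the PowerShell below audits, and optionally sets, the browser vendors' own machine-wide policies that make private windows unavailable on a Windows endpoint. The function name `Test-PrivateBrowsingPolicy` is hypothetical; the policy names belong to Chrome, Edge and Firefox.

```powershell
# Added example: audit, and with -Enforce set, the machine-wide browser
# policies that turn off private browsing. Run elevated when enforcing.
function Test-PrivateBrowsingPolicy {   # hypothetical helper name
    [CmdletBinding()]
    param([switch]$Enforce)             # without -Enforce: report only

    # Vendor policy values; 1 means private windows are unavailable.
    $policies = @(
        @{ Browser = 'Chrome';  Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome';   Name = 'IncognitoModeAvailability' }
        @{ Browser = 'Edge';    Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge';  Name = 'InPrivateModeAvailability' }
        @{ Browser = 'Firefox'; Path = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'; Name = 'DisablePrivateBrowsing' }
    )

    foreach ($p in $policies) {
        # Read the current value; $null when the key or value is absent.
        $item    = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.($p.Name) } else { $null }

        if ($Enforce -and $current -ne 1) {
            if (-not (Test-Path -Path $p.Path)) {
                New-Item -Path $p.Path -Force | Out-Null
            }
            New-ItemProperty -Path $p.Path -Name $p.Name -Value 1 -PropertyType DWord -Force | Out-Null
            $current = 1
        }

        $shown = if ($null -eq $current) { '(not set)' } else { $current }
        [pscustomobject]@{
            Browser             = $p.Browser
            Policy              = $p.Name
            Value               = $shown
            PrivateModeDisabled = ($current -eq 1)
        }
    }
}

# Report only; add -Enforce to write the values.
Test-PrivateBrowsingPolicy | Format-Table -AutoSize
```

On domain-joined or MDM-managed machines, set the same policies centrally through the browsers' administrative templates, since centrally applied policy overwrites local registry changes on refresh.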