Skip to content
Create account or Sign in
The Stripe Docs logo
/
Create accountSign in
OverviewAccept a paymentUpgrade your integration
Online payments
OverviewFind your use caseRecurring payments
In-person payments
Payment methods
Payment operations
Balances and settlement timeReceiptsRefunds and cancellations
Advanced integrations
Beyond payments

Deployment checklist

Use this checklist before deploying your Financial Connections integration.

When integrating with Financial Connections on the web, refer to this checklist to ensure your users can use the authentication flow without issue.

  • Configure the page that launches the authentication flow so that the Cross-Origin-Opener-Policy response header is same-origin-allow-popups, restrict-properties, or unsafe-none. Using a restrictive value such as same-origin might interfere with OAuth bank login flows. If your page doesn’t set a Cross-Origin-Opener-Policy header, it defaults to unsafe-none.

  • Configure the page that launches the authentication flow with a referrer policy that sends a Referer header to other origins. Either don’t send a Referrer-Policy response header or use a value such as origin, origin-when-cross-origin, strict-origin, or strict-origin-when-cross-origin. Using no-referrer suppresses the Referer header and might interfere with OAuth bank login flows.

    If your page contains a <meta name="referer" /> tag, set its content value to one of origin, origin-when-cross-origin, strict-origin, or strict-origin-when-cross-origin.

  • If the page that launches the authentication flow is displayed inside an iframe, include allow-popups-to-escape-sandbox in the sandbox property. Some OAuth flows don’t work inside a sandboxed iframe, so using a more restrictive allow-popups value breaks them. See the MDN iframe documentation for a full description of these values.

  • Before enabling live traffic, test your integration using a sandbox. Use each of the Test (OAuth), Test (Non-OAuth), Bank (OAuth), and Bank (Non-OAuth) institutions to link accounts.