Enable Browser Security Settings
Browser security settings protect sensitive information and monitor SSL certificates.
Referrer URL Protection
When loading assets outside of Salesforce or navigating outside of Salesforce, the referrer header shows only Salesforce.com or Force.com rather than the entire URL. This feature eliminates the potential for a referrer header to reveal sensitive information that could be present in a full URL, such as an org ID. This feature is supported only for Chrome and Firefox.
Public Key Pinning
To detect man-in-the-middle attacks, Salesforce monitors which SSL certificates are presented to users' browsers when they connect to Salesforce. Custom certificates aren't affected. Public key pinning is supported only for Chrome and Firefox.
HSTS (HTTP Strict Transport Security) Protection
HSTS redirects browsers to use HTTPS. It's enabled on all Salesforce and Visualforce pages and for all Experience Cloud sites and Salesforce Sites, and it can't be disabled. You can't modify the HSTS header or its values.
With HSTS enforced, the browser records that the domain can be reached only over HTTPS and keeps that record for two years.
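The two settings above that are visible to a client are the HSTS header and the referrer behaviour. The following script is an added example, not Salesforce code: it parses a response's Strict-Transport-Security value the way a browser does, checks that the remembered HTTPS-only lifetime is at least the two years described above, and classifies what a cross-origin Referer would contain under a Referrer-Policy value. It assumes the referrer reduction is delivered through a Referrer-Policy header (the page does not name the mechanism), and the sample headers are constructed, not captured from a Salesforce org.

```python
"""Audit the browser-facing headers behind two of the settings above:
Strict-Transport-Security (HSTS) and Referrer-Policy.

Added example, not Salesforce code. The sample response headers are
constructed for the demonstration, not captured from a Salesforce org.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Two years in seconds: the HSTS lifetime the page describes.
TWO_YEARS_SECONDS = 2 * 365 * 24 * 60 * 60  # 63072000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header_value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value as a browser would (RFC 6797).

    Returns None when the header has no valid max-age, because a browser
    ignores such a header and will not pin the domain to HTTPS.
    """
    max_age = None
    include_subdomains = False
    preload = False
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_meets_two_year_policy(header_value: str) -> bool:
    """True when the browser will remember HTTPS-only for at least two years."""
    policy = parse_hsts(header_value)
    return policy is not None and policy.max_age >= TWO_YEARS_SECONDS


def cross_origin_referrer(policy_value: str) -> str:
    """What a browser sends in Referer on a cross-origin HTTPS-to-HTTPS request
    under a given Referrer-Policy: the 'full' URL, the 'origin' only, or 'none'.

    An empty value means the header is absent; current Chrome and Firefox then
    default to strict-origin-when-cross-origin, which sends only the origin.
    """
    policy = policy_value.strip().lower()
    if policy == "":
        policy = "strict-origin-when-cross-origin"
    if policy in ("no-referrer", "same-origin"):
        return "none"
    if policy in ("origin", "origin-when-cross-origin",
                  "strict-origin", "strict-origin-when-cross-origin"):
        return "origin"
    # Both of these send the full URL when the destination is also HTTPS.
    if policy in ("no-referrer-when-downgrade", "unsafe-url"):
        return "full"
    return "unknown"


def audit_headers(headers: Dict[str, str]) -> Dict[str, object]:
    """Check a response's headers against the behaviour described above."""
    lower = {k.lower(): v for k, v in headers.items()}
    hsts = lower.get("strict-transport-security", "")
    referrer = lower.get("referrer-policy", "")
    return {
        "hsts_present": parse_hsts(hsts) is not None,
        "hsts_two_years": hsts_meets_two_year_policy(hsts),
        "cross_origin_referrer": cross_origin_referrer(referrer),
    }


# Constructed sample response headers (not real Salesforce output).
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for key, value in audit_headers(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

To audit a real domain, collect its response headers (for example with `curl -sI` against your org's URL) and pass them to `audit_headers`; a missing or malformed `max-age` is reported as no HSTS at all, which is exactly how a browser treats it.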

