Why Enhanced Domains
When you deploy enhanced domains, most of the application URLs for your Salesforce org change. Those changes require testing and impact public links, such as Experience Cloud sites. Understand why Salesforce requires that all customers adopt this new standard, and learn how enhanced domains meet the latest browser requirements.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available in: Group, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer Editions |
Enhanced domains provide multiple benefits.
- Branding—All URLs across your org contain your company-specific My Domain name, including URLs for your Experience Cloud sites, Salesforce Sites, Visualforce pages, and content files.
- Stability—With no instance names, your org’s URLs remain stabilized when your org is moved to another Salesforce instance.
- Compliance—Enhanced domains comply with the latest browser requirements. Specifically, they avoid third-party cookies, otherwise known as cross-site resources.
Third-Party Cookies and Recent Regulations
To understand why Salesforce requires enhanced domains, let’s first talk about third-party cookies.
A cookie is a small block of data that a server sends to a user’s web browser. The browser can then store the cookie and send it back to the same server during later requests. This data helps web developers give you a more personal and convenient online experience. For example, when you visit a website, cookies allow your account, preferences, and shopping cart to persist from your last visit.
Third-party cookies are stored under a different domain than the domain that you’re visiting. These cookies can track you, or your device, across the websites that you visit and display relevant content between websites. For example, you plan for a trip online, and later ads for your vacation destination appear in your social media feed. Third-party cookies also support important functionality, such as a chat hosted by a third-party service provider.
Today, users demand more control over how data collected about them is used, and governments seek to protect the privacy rights of website users. Some laws and regulations that affect cookies include the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), and the European Union’s pending ePrivacy Regulation (ePR). These laws and regulations require that companies and website operators notify web users about the presence of cookies. These businesses must also let users know what kind of information is collected and with whom this information is shared. Also, companies and website operators must offer a way to opt out of cookies and data sharing at any time.
Updated Browser Rules for Third-Party Cookies
As a result of regulatory and consumer pressure, major web browsers block third-party cookies by default. In most browsers, users can allow these cookies via browser settings. However, that practice can introduce security risks.
Until July 2024, Google™ planned to phase out Chrome™ support for third-party cookies. Although Google reversed its plans to block third-party cookies completely for all Chrome users, Salesforce still expects many users to opt out of third-party cookies due to privacy concerns.
Impact on Salesforce Users
Before enhanced domains, Salesforce content was delivered from multiple domains. When the user’s browser settings block third-party cookies, some content in Salesforce could be blocked. For example, a landing page that ends in lightning.force.com couldn’t load content that was stored in your org and accessed via a URL that ends in documentforce.com. The resulting error often mentioned “cross-domain cookies” or “cross-site cookies.”
The Solution: Enhanced Domains
Enhanced domains made structural changes to the Salesforce domains that serve content. With enhanced domains, all Salesforce content shares a common domain. Therefore, cookies can be shared and accessed, even when third-party cookies are blocked.
Because enhanced domains allow your users to continue using Salesforce when third-party cookies are blocked, they’re the future standard and required for all orgs.
When You Can Still See Errors
When you access Salesforce in Classic or visit a Classic page in Lightning, some browsers can flag that interaction as a cross-domain interaction and block the process. Also, users can still experience third-party cookie errors related to embedded Visualforce pages and file-based content under specific conditions.
Here are three specific situations where you can see a message about blocked cross-domain or third-party cookies, even when enhanced domains are deployed.
- When you use a web browser other than Safari 13.1 or later or iOS 14 or later and the browser is configured to block cross-domain cookies, some Salesforce content can fail to load. This issue can occur on Visualforce pages and on Lightning pages with an embedded Visualforce page or embedded file-based content. In this case, the Visualforce page or file-based content can fail to load successfully and the browser displays an error message indicating that the web browser blocked the cookie. To resolve this issue, use Safari 13.1 or later, use iOS 14 or later, or allow cross-domain cookies in your browser.
- When you access a page that contains an embedded Visualforce page, the embedded Visualforce page can display as a blank rectangle. This issue occurs in Salesforce Classic when you use a web browser that blocks cross-domain cookies, such as Safari 13.1 or later or iOS 14 or later. In Lightning Experience, the embedded Visualforce page displays correctly.
- When accessing a Classic page in Lightning, you can receive a warning message about cross-domain cookies. This warning message occurs most often in Setup, because many Setup pages were built in Classic. When your Setup pages are served on the salesforce-setup.com domain, this warning no longer occurs in Setup. Until then, to resolve this issue, click the link in the warning message to open the Setup page within a new tab or window.
