Protect your users from untrusted external redirections away from Salesforce. First,
review which kinds of redirections are automatically restricted and your options for restricting
hyperlinks in Salesforce. Add the external URLs that you trust to an allowlist. Then specify what
happens when a user clicks a hyperlink that takes them outside your Salesforce org.
Required Editions
Available in: all editions
External Redirection Restrictions in Salesforce Learn what qualifies as a redirection in Salesforce, when those redirections are blocked, and your options for allowing and restricting redirections.
Identify Cross-Org Urls to Allow for Redirections To protect your users from potential attacks, users aren’t redirected to a different Salesforce org from your Salesforce org unless the URL is trusted. This limitation includes redirections to the second org’s publicly served pages and content. To allow a link, action, or process to redirect the user to a different Salesforce org that you own, add the target URL to the Trusted URLs for Redirects allowlist.
Specify Trusted URLs for Redirections Help your users access external and cross-org URLs via redirections. Add your trusted URLs to the Trusted URLs for Redirects allowlist. Redirections from Salesforce to URLs in that allowlist are always allowed without a warning.
Secure External Redirections from Hyperlinks in Salesforce After you populate the Trusted URLs for Redirects allowlist, protect your users from redirections to untrusted URLs. You can warn block redirections that originate from a hyperlink in Salesforce or warn users during those redirections.
Test External Redirections After you update your Trusted URLs for Redirects allowlist, verify that the corresponding redirections are allowed.
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
