Loading
Feature Disruption - Service Cloud VoiceRead More
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Secure External Redirections from Hyperlinks in Salesforce

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Secure External Redirections from Hyperlinks in Salesforce

            After you populate the Trusted URLs for Redirects allowlist, protect your users from redirections to untrusted URLs. You can warn block redirections that originate from a hyperlink in Salesforce or warn users during those redirections.

            Required Editions

            Available in: all editions
            User Permissions Needed
            To modify session settings: Customize Application

            These settings apply when a user clicks a hyperlink when the target URL isn’t on the Trusted URLs for Redirects allowlist. The availability and behavior of this feature varies based on whether the user accesses Salesforce via Lightning Experience or Salesforce Classic.

            Regardless of these settings, if the target URL fails a syntax check, the redirection is blocked.

            Note
            Note Secure redirections to untrusted URLs in Lightning Experience is a pilot or beta service that is subject to the Beta Services Terms at Agreements - Salesforce.com or a written Unified Pilot Agreement if executed by Customer, and applicable terms in the Product Terms Directory. Use of this pilot or beta service is at the Customer's sole discretion.
            1. Before you enable this feature, specify the URLs that you trust for external redirections.
            2. To secure redirections for users who access Salesforce via Lightning Experience, from Setup, find and select Trusted URLs for Redirects. Then for Redirections to Untrusted URLs (Beta), select an option.

              • To show a warning message that requires these users to confirm that they want to leave the current page before they’re redirected, select With user’s permission.

                Warning message for redirections to an untrusted URL.

              • To block redirections to untrusted external URLs for these users, select Never.

                A message informs the user that they can’t access the page because the external site isn’t trusted.

                Message for a blocked redirection.
            3. To secure redirections for users who use Salesforce Classic, from Setup, find and select Session Settings. Under External Redirections, select an option in the Allow redirections to untrusted external URLs field.
              In Salesforce Classic, the messages open in a new browser tab.

              • To show a warning message that requires these users to confirm that they want to leave the current page before they’re redirected, select With user’s permission.

                For users who access Salesforce via Salesforce Classic, the warning message includes an option for the user to trust the URL in the future.

                Salesforce Classic warning message for redirections to an untrusted URL.

              • To block redirections to untrusted external URLs for these users, select Never.

                A message informs the user that they can’t access the page because the external site isn’t trusted.

                Salesforce Classic Message for a blocked redirection.

            If you select Never for either setting, to reduce end-user frustration and potential broken functionality, consider allowlisting all URLs for your other Salesforce orgs and custom domains. See Identify Cross-Org Urls to Allow for Redirections.

            Warning
            Warning The Always option isn’t recommended for these settings, because it allows redirections to untrusted external URLs without a warning.

            See Also

             
            Loading
            Salesforce Help | Article