Manage Redirections to External URLs Control
Salesforce secure redirections protect users from phishing and malicious sites by restricting URL redirects to only those domains explicitly added to the Trusted URLs list.
Control Name
Manage Redirections to External URLs
Recommended Configuration
- Specify Trusted URLs for Redirections
- Set “Redirections to Untrusted URLs” to “With User’s Permission”
- Disable “Allow untrusted cross-org redirections”
Setup > Trusted URLs for Redirects: disable “Allow untrusted cross-org redirections”; set “Redirections to Untrusted URLs” to “With User’s Permission”; specify Trusted URLs for Redirections.
Control Overview
This control restricts URL redirects to the domains explicitly added to the Trusted URLs list. When enabled, the platform ensures that any attempt to redirect a user to an external site is either automatically blocked or preceded by a security warning, depending on the organization's configuration.
Security Risk If Not Configured
Without secure external redirections, the organization is vulnerable to open redirect attacks where malicious actors use trusted Salesforce URLs to deceive users into visiting fraudulent or malicious websites. This lack of control significantly elevates the risk of successful phishing campaigns, credential theft, and the unintentional exposure of users to malware via deceptive links that appear to originate from a legitimate source.
Threat Scenarios
An attacker can craft a malicious link using your trusted Salesforce domain as a mask to redirect unsuspecting users to a fraudulent phishing site or a malware-host platform. Because the redirection appears to originate from a legitimate source, users are more likely to provide sensitive credentials or download harmful files, believing they are still within a secure organizational workflow.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Scope of external service integrations; user profiles and permissions.
Higher Risk When
The risk of not setting secure external redirections is significantly elevated by a lack of a redirection warning policy, which allows users to be sent to external sites without any visual alert or manual confirmation.
Furthermore, a lack of input validation in custom code (Apex or Visualforce) and a lack of employee security awareness training increase the likelihood that users will unknowingly click on malicious links that exploit trust in the Salesforce domain.
Low or No Risk When
To minimize the risk when the "Secure External Redirections" setting is not fully implemented, organizations should enforce strict input validation by using an allowlist (whitelist) of trusted domains in custom Apex and Visualforce code to prevent arbitrary URL redirection.
Additionally, implementing employee security awareness training and a mandatory redirection warning prompt can provide a final layer of defense by alerting users to verify the destination URL before leaving the Salesforce environment.
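The allowlist validation recommended above, written out as an added Apex example (this is not Salesforce documentation code or part of this page). The controller name, the `retUrl` parameter, the fallback page and the trusted hosts are constructed for illustration; the unsafe method is included only to contrast with the hardened one.

```apex
// Added example, not Salesforce's own code. Hypothetical Visualforce controller
// showing an unvalidated redirect beside an allowlist-validated one.
public with sharing class RedirectController {

    // Constructed allowlist of trusted hosts (assumption: maintained by the org admin).
    // Exact hostnames only: no wildcards, no bare domains, no http.
    private static final Set<String> TRUSTED_HOSTS = new Set<String>{
        'partner.example.com',
        'docs.example.com'
    };

    // Unsafe: whatever arrives in the retUrl parameter is followed blindly,
    // so any link built on the org's own domain can send the user anywhere.
    public PageReference redirectUnsafe() {
        String target = ApexPages.currentPage().getParameters().get('retUrl');
        return new PageReference(target);
    }

    // Hardened: only https targets whose exact host is on the allowlist are followed;
    // anything else lands on a known in-org page instead of an external site.
    public PageReference redirectSafe() {
        String target = ApexPages.currentPage().getParameters().get('retUrl');
        if (isTrustedUrl(target)) {
            return new PageReference(target);
        }
        return new PageReference('/home/home.jsp');  // constructed fallback page
    }

    @TestVisible
    private static Boolean isTrustedUrl(String target) {
        if (String.isBlank(target)) {
            return false;
        }
        Url parsed;
        try {
            parsed = new Url(target);
        } catch (Exception e) {
            // Relative paths, protocol-relative '//host' and malformed input all fail here.
            return false;
        }
        // Require https and an exact, case-insensitive host match. Substring or
        // "startsWith" checks are deliberately avoided: the host must equal an entry.
        return parsed.getProtocol() == 'https'
            && parsed.getHost() != null
            && TRUSTED_HOSTS.contains(parsed.getHost().toLowerCase());
    }
}
```

The check deliberately parses the URL with the platform's `Url` class rather than inspecting the raw string, so that the scheme and host are evaluated the way the browser will interpret them, and it keeps the allowlist as exact hostnames, which mirrors the "no wildcards, no HTTP" guidance the Security Health Review applies to the org-level Trusted URLs list.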
Business and Integration Considerations
From an integration perspective, this control can break cross-org workflows (such as links between Production and Sandbox environments) and disrupt external services that rely on URL-based navigation. Administrators need to ensure that all custom domains and integrated service endpoints are registered in the allowlist to maintain seamless cross-platform functionality.
Recommended Remediation
Implement a redirect warning for untrusted URLs.
Security Health Review Guidance
Security Health Review inspects the redirection setup to ensure that, at a minimum, users are warned when they are leaving the platform. It also inspects the Trusted URL settings to make sure the list is configured in alignment with best practices, such as not using wildcards or HTTP.