Loading

'URL No Longer Exists' Error from an Inline Visualforce Page in a Salesforce Page Layout

Publish Date: May 30, 2026
Description

When an inline Visualforce page is included in a Salesforce Page Layout, accessing a record may redirect the user to an error page displaying "URL No Longer Exists." The URL of that page contains "servlet/servlet.Integration." This error is typically caused by the Clickjack Protection security feature conflicting with the Visualforce page's header settings.

Resolution

Option 1: Disable the Standard Header on the Visualforce Page

The error often occurs because the Visualforce page uses the standard Salesforce header. If the page does not require the standard header, set the showHeader attribute to false on the apex:page tag. This removes the header and resolves the conflict with Clickjack Protection.
Update your Visualforce page tag as follows — the showHeader="false" attribute tells Salesforce not to render the standard Salesforce header on this page:

<apex:page standardController="SObject" showHeader="false">

Option 2: Disable Clickjack Protection for Visualforce Pages with Standard Headers

Clickjack Protection is a Salesforce security feature that prevents clickjacking attacks on Visualforce pages. When enabled, it can trigger the "URL No Longer Exists" error on inline Visualforce pages that use standard headers. Disabling this setting removes the conflict.

⚠️ Security Note: Disabling Clickjack Protection reduces your org's security posture. Evaluate the risk and consider alternative approaches before disabling this setting in a production org.

To disable Clickjack Protection for Visualforce pages with standard headers:

  1. Click Setup.
  2. Navigate to Security > Session Settings (Lightning) or Administer > Security Controls > Session Settings (Classic).
  3. Uncheck Enable clickjack protection for customer Visualforce pages with standard headers.
  4. Click Save.

Option 3: Set the applyHtmlTag Attribute to False (API Version 38 and Above)

In API version 38 and above, if the org setting Enable clickjack protection for customer Visualforce pages with headers disabled is turned on (added in Summer '16), the Visualforce page must also include the applyHtmlTag="false" attribute. Without this attribute, the page cannot render properly when showHeader="false" is already set.
Update your Visualforce page tag to include both attributes as shown below:

<apex:page standardController="SObject" showHeader="false" applyHtmlTag="false">

Option 4: Disable Clickjack Protection for Visualforce Pages with Headers Disabled

Similar to Option 2, you can disable the Clickjack Protection setting specifically for Visualforce pages that have headers disabled.

⚠️ Security Note: This also reduces org security. Review the implications before applying this in production.
  1. Click Setup.
  2. Navigate to Security > Session Settings (Lightning) or Administer > Security Controls > Session Settings (Classic).
  3. Uncheck Enable clickjack protection for customer Visualforce pages with headers disabled.
  4. Click Save.
Knowledge Article Number

000387058

 
Loading
Salesforce Help | Article