Session and Browser Security
After users log in, their sessions and browser interactions become potential targets for attack. Configure session security settings, protect against clickjacking, and manage allowlists for external URLs and origins. Then review the cookies that Salesforce Platform uses to improve functionality and accelerate processing times.
- Limit Interactions with External URLs and Origins
In our connected world, interaction with external websites and origins is a necessity. To protect your network and data, configure allowlists and enable settings that limit how Salesforce and external origins interact. And limit redirections that originate in Salesforce to URLs that you trust.
- Configure Clickjack Protection
Clickjacking is a type of attack that tricks users into clicking something, such as a button or link. The click sends an HTTP request that performs malicious actions that can lead to data intrusion, unauthorized emails, changed credentials, or similar results. To help protect against this kind of attack, most Salesforce pages can only be served in an inline frame by a page on the same domain. Learn which types of pages can be framed and how to configure the related clickjack settings.
- Session Security
After logging in, a user establishes a session with the platform. Use session security to limit exposure to your network when a user leaves the computer unattended while still logged in. Session security also limits the risk of internal attacks, such as when one employee tries to use another employee’s session. Choose from several session settings to control session behavior.
- Salesforce Platform Cookies
The Salesforce Platform uses cookies to improve functionality and accelerate processing times. By saving a user’s settings, cookies can enhance the user’s experience and the Salesforce Platform’s performance.

