Allow the Required Domains
To enable your users to access Salesforce, you must add the standard Salesforce domains to your list of allowed domains.
Required Editions
| Available in: Salesforce Classic and Lightning Experience |
| Available in: All Editions. |
If your users have general access to the Internet, no action is required.
If you control your users’ or servers’ access to the Internet through allowlists, add these domains to ensure that you receive all Salesforce content.
Salesforce Domains to Allow
To enable all Salesforce functionality, add these Salesforce-managed domains.
| Domain | Use |
|---|---|
| app.salesforceiq.com | Provides Inbox services for customers outside of the European Union (EU). |
| app-frankfurt.salesforceiq.com | Provides Inbox services for customers within the EU. |
| *.force.com | Visualforce pages, Lightning pages, and content (files) stored in Salesforce. |
| *.forceusercontent.com | Maps and location services. |
| *.force-user-content.com | User content stored in Salesforce. |
| *.salesforce.com | Salesforce login authentication,. Also used for multiple Salesforce content sites, including Salesforce Help, Salesforce Developers, Salesforce Admins, Trailblazer Communities, and Trailhead. |
| *.salesforceliveagent.com | Chat, Omni-Channel, and SOS. |
| *.salesforce-experience.com | Experience Builder for Experience Cloud sites. |
| *.salesforce-hub.com | Customer 360 Data Manager. |
| *.salesforce-scrt.com | Next generation Omni-Channel engagement. (Examples: Voice and messaging.) |
| *.salesforce-setup.com | Setup pages in Salesforce. |
| *.salesforce-sites.com | Salesforce Sites. |
| *.sfdcopens.com | Email tracking. (Reserved for future use.) |
| *.site.com | Experience Cloud sites. |
| *.svc.sfdcfc.net | Email integration for Salesforce Inbox users. |
| .trailblazer.me | Sign-up, login, and profile and settings management with multiple Salesforce-related sites, including AppExchange, IdeaExchange, Salesforce Help, Trailhead, and Trailblazer Communities. |
| *.trailhead.com | Enablement Sites (myTrailhead). |
These Salesforce-managed domains were used in orgs without enhanced domains, a feature that was enforced in Winter ’24. After you remove all references to these domains, you can remove these domains from your allowlists.
| Domain | Use |
|---|---|
| *.documentforce.com | Content (files) stored in Salesforce orgs without enhanced domains. |
| *.lightning.com | Lightning container components in orgs without enhanced domains. |
| *.salesforce-communities.com | Experience Builder for Experience Cloud sites in orgs without enhanced domains. |
| *.sfdc.sh | Chat, Omni-Channel, and SOS in orgs without enhanced domains. |
| *.visualforce.com | Visualforce pages in orgs without enhanced domains. |
Domains to Allow for Login Screen Content
These domains are used to deliver content in the right frame of your login screen. If you don’t allow these domains, the right side of a non-customized login page can display page-load errors.
- *.sfdcstatic.com
- secure.eloqua.com
- *.google.com
- *.doubleclick.net
- www.facebook.com
- *.google-analytics.com
The right frame content is displayed in the following URLs.
- login.salesforce.com
- test.salesforce.com
- <yourInstance>.salesforce.com
- A My Domain URL without a customized login page (for example, norns.my.salesforce.com)
Domains to Allow for Trailblazer Identity Login Screen Content
These domains are used to deliver content in the Trailblazer Identity login screen. If you don't allow these domains, you’ll see a blank screen when trying to log in via Trailblazer Identity.
- *.oktacdn.com
- *.okta.com
- *.lightningdesignsystem.com
- *.sfdcstatic.com
- cdn.cookielaw.org
- *.onetrust.com
- *.googletagmanager.com
- *.google-analytics.com
- trailblazer-identity.my.site.com
