Deploy a My Domain, and enable enhanced domains to meet the latest browser requirements. Improve Search Engine Optimization (SEO) by redirecting your site traffic to your custom domain. Secure HTTPS connections are enforced and HSTS preloading is recommended for your domains.
- Enable Enhanced Domains (Update)
To comply with the latest browser and security standards, enable enhanced domains on your Salesforce org’s My Domain. With enhanced domains, your company-specific My Domain name is included in your URLs, including Salesforce Sites and Experience Cloud sites. Consistent domain formats improve the user experience and standardize URLs for use in custom code and API calls. Salesforce enhanced domains also comply with the latest browser requirements, allowing your users to access Salesforce using browsers that block third-party cookies. Because this update affects application URLs, including Experience Cloud sites, Salesforce Sites, and Visualforce pages, we recommend that you enable enhanced domains before it’s enforced in Summer ’22. - Redirect Site Traffic to Your Custom Domain
Improve your custom domain’s Search Engine Optimization (SEO) by redirecting requests for your site’s system-managed URL to the HTTPS custom domain, such as https://example.com, that serves the site. System-managed site base URLs end in .force.com, .my.salesforce-sites.com, or .my.site.com. Redirecting traffic from these URLs to your branded domain improves the user experience and helps search engines properly rank your custom domain. - Secure HTTPS Connections Are Enforced in Domains
To better protect your data, Salesforce disabled HTTP-only domains. Settings that enforce HTTPS connections or upgrade HTTP requests were enabled and then removed in Summer ’21 because they’re required and enforced by default. We also renamed our non-HTTPS domain configuration option to reflect that it’s for temporary use only. - Allow Only Secure Connections to Your Domain with HSTS Preloading
As a security best practice, enable and submit your domain for HTTP Strict Transport Security (HSTS) preloading so that HTTPS connections are always used in supported browsers. Currently, all HTTP requests are redirected to HTTPS. However, connections are still vulnerable during that redirection. - Deploy a My Domain (Previously Released Update)
To use the latest features and comply with browser requirements, all Salesforce orgs must have a My Domain. Deploy one, or we assign one for you based on your org ID. Because your My Domain affects all application URLs, we recommend that you test and deploy a My Domain before this update is enforced in Winter ’22. This update was first made available in Winter ’21.