Other Security Changes
Improve load times for authenticated site visitors through a new Visualforce page caching option. Update your site guest users to the latest license. Secure HTTPS connections are enforced for third-party domain connections, and you can decide what types of cookies are allowed on your Salesforce Sites.
- Cache Your Site’s Visualforce Pages for Authenticated Users
Improve your authenticated users’ experience by caching your site’s Visualforce pages on their web browsers to reduce page load times. By default, proxy servers cache publicly available pages only for unauthenticated guest users. Now you can disable that proxy server caching and determine whether to cache each page on the end user’s web browser instead. The page-specific caching applies to authenticated and unauthenticated users.
- Update Site Guest Users to the Latest License
Some Experience Cloud sites and Salesforce Sites created before the Spring ’21 release can have an outdated license associated with the site’s guest users. If your site’s guest users have the standard guest user license, update them to the provisioned guest user license, which gets updated automatically and has more consistent permissions.
- Secure HTTPS Connections to Third-Party Domains Are Enforced
HTTPS connections are required to connect to third-party domains, and HTTP connections are no longer permitted. The Require secure connections (HTTPS) for all third-party domains setting on the Session Settings Setup page was removed because it can’t be disabled. The Require secure connections (HTTPS) setting was also removed because it was previously enabled and can’t be disabled.
- Set Preferences for Allowed Cookies for Salesforce Sites
A new Salesforce Sites setting lets you decide what types of cookies are allowed on your site by default.
- View Source IP Addresses in Your Private Connect Inbound Connections
You can now easily view the ranges of source IP addresses allocated to your inbound network connections by the Salesforce Transit VPC in your cloud provider, such as AWS. Use these IP addresses with Salesforce security features to get more protection. For example, you can specify that users can log in from these IP addresses without receiving a login challenge. Or add these source IP addresses to the list of restricted addresses that users can access Salesforce from.
- Private Connect Is HIPAA Compliant
Your Health Insurance Portability and Accountability Act (HIPAA)-regulated Salesforce customers can now use Private Connect and maintain HIPAA compliance by signing the Salesforce Business Associate Addendum (BAA). Regulated Health Care Salesforce customers can rest assured that their customer data, including electronic protected health information (ePHI), is accessible exclusively through the private internet.
- Add More Trusted Domains for Inline Frames
You can now add up to 512 domains where you allow iframes of your Visualforce pages, site pages, surveys, or embedded services. Previously, the limit was 256 domains.