On the subject of defending delicate knowledge, most individuals take into consideration encryption, entry controls, and login safety. However one of many easiest methods delicate info might be unintentionally uncovered, or leaked, can be one of the vital neglected: placing delicate knowledge in a URL.
In Salesforce, that would imply exposing person particulars, session information, or different personal knowledge any time somebody clicks a hyperlink, hundreds a useful resource, or shares a web page. The chance is simple to overlook—but additionally straightforward to repair, when you perceive the way it works.
What counts as delicate knowledge in Salesforce?
Delicate knowledge is something that would hurt your customers or what you are promoting if it had been uncovered. In Salesforce, frequent examples embrace:
- Usernames, passwords, or auth(entication) tokens – may permit somebody to impersonate a person.
- E mail addresses or private contact information – may very well be misused for phishing or spam.
- Salesforce Org IDs or object IDs – may reveal how your system is structured.
- Customized knowledge distinctive to what you are promoting – if it’s not meant to be public, it shouldn’t be in a URL.
Should you’re not sure, ask your self: Would I be snug seeing this knowledge in a public browser historical past, or shared with an exterior web site?
How info inside URLs creates threat
When a person clicks a hyperlink or when their webpage hundreds a picture or script, their browser could robotically ship half of the present web page’s URL because the referrer to the subsequent web site.
If a URL comprises delicate info—whether or not in a question string (after the ?) or, much less generally, embedded straight within the URL itself (for instance, ftp://person:go@host)—that knowledge might be uncovered to:
- Third-party providers like picture hosts or analytics platforms.
- Exterior websites the person clicks to out of your Salesforce web page.
- Logs captured by middleman programs or browser plugins.
Most customers (and even some builders) don’t understand this sharing occurs by default with some customizations or integrations.
How does this occur in Salesforce?
By default, Salesforce retains delicate knowledge out of URLs. However points can come up when customizations or integrations go knowledge by question strings or route parameters. Examples of eventualities the place this would possibly occur are:
- A Visualforce web page appends a person’s e-mail to the URL for filtering outcomes.
- A Lightning element contains an Org ID within the web page path.
- An integration sends credentials as a part of a GET request, as an alternative of utilizing a safer POST.
These shortcuts may appear innocent throughout growth but when left unchecked, can introduce long-term safety dangers.
Maintain delicate knowledge out of URLs
- Don’t go usernames, passwords, tokens, or private knowledge as question parameters.
- Use safe storage mechanisms (session state, safe cookies, Apex controllers).
- Overview your Visualforce pages, Lightning parts, and integrations for unsafe URL patterns.
Management what Salesforce shares
- Allow Referrer Coverage Protections: In Setup → Session Settings, allow the referrer-policy HTTP header to manage what components of your Salesforce URLs get shared with exterior websites.
- The really helpful setting is strict-origin-when-cross-origin—it retains your origin seen when wanted however hides the complete URL from exterior websites.
See learn how to configure this ›
Monitor and educate
- Audit your inner and exterior logs for delicate URL knowledge.
- Make safe URL design a part of your growth and code evaluate processes.
- Share this data together with your admins, dev groups, and safety companions.
What occurs in case you don’t?
When delicate knowledge results in a URL, it’s laborious to manage the place it goes subsequent. If an exterior website or service captures that URL:
- Person privateness may very well be compromised.
- Attackers would possibly use that information to focus on your customers or org.
- Logs, browser histories, or exterior programs may inadvertently retailer personal info.
Past the technical dangers, this erodes the belief your customers place in your Salesforce apps.
What to do right now
✔️ Overview your Salesforce apps and integrations for delicate knowledge in URLs.
✔️ Allow the referrer-policy HTTP header in your org.
✔️ Share this finest follow together with your groups—as a result of one of the best safety is prevention.
Continue to learn, hold defending
Safety is a shared duty—and it begins with the small issues. Overview your org right now and ensure delicate knowledge stays the place it belongs.
Defend Delicate Info in Your URLs (Assist Article)
Salesforce Safety Fundamentals (Trailhead Module)
The extra we construct with safety in thoughts, the stronger we make our complete ecosystem.
