Recommended Session Settings for TargetX Products
Notes:
- If you are using TargetX Email DO NOT check the setting Lock Sessions to the IP address from which they originated.
- DO NOT edit anything in Manage App Policies, or click on the Block or Uninstall buttons.
- Navigate to Setup and search for Session Settings.
- In the Require secure connections section
- Set Require HttpOnly attribute to “true”
Note: If you are using Decision/App Reader DO NOT set Require HttpOnly attribute to “true”.
For additional information, see Salesforce Help & Training article Modify Session Security Settings.
-
In the Clickjack Protection section:
-
Set Enable clickjack protection for customer Visualforce pages with standard headers to “true”
-
Enable clickjack protection for customer Visualforce pages with headers disabled set to “true”
-
For additional information, see Salesforce Help & Training article Enable Clickjack Protection in Site.com.
-
In the HSTS for Sites and Communities section:
-
Set Enable HSTS for all Sites and Communities with the default force.com subdomain that require a secure connection (HTTPS) to “true”
-
For additional information, see Salesforce Help & Training article Enable Browser Security Settings.
-
In the Identity Verification section:
-
Set Require identity verification for change of email address to “true”
-
For additional information, see Salesforce Help & Training article Configure When Users are Prompted to Verify Identity.
- Save your changes.
Resolving issues with Salesforce Spring '23 and Clickjack protection blocking editing of Org Events
To resolve issues with Salesforce Spring '23 blocking the editing of Org Events, you'll need to add a Trusted Site to the Session Settings page:
- Navigate to Setup and search for Session Settings.
- In the Trusted Domains section, click Add Domain.
- Enter the following:
Domain = *.lightning.force.comIFrame Type =VisualForce Pages
- Save your changes.