Trusted URLs in Salesforce allow you to safely connect external content, integrations, or embedded applications without being blocked by browser security policies. This is especially important when working with AppExchange apps, embedded iframes, or third-party services.

When Do You Need Trusted URLs?

You may need to configure Trusted URLs when:

• An embedded app or iframe is not loading
• You see browser errors related to Content Security Policy (CSP)
• A Salesforce AppExchange package requires external domains to be allowed
• You are integrating Salesforce with external web service

Steps to Add a Trusted URL

Follow these steps to configure Trusted URLs in Salesforce:

1. Navigate to Trusted URLs

1. Go to Setup
2. In the Quick Find box, search for Trusted URLs
3. Click Trusted URLs

2. Create a New Trusted URL

1. Click New Trusted URL
2. Fill in the required fields:

• API Name: Auto-populated or enter a unique name
• URL: Enter the full domain (e.g., https://example.com)
• Description: (Optional) Add context for your team

3. Save Your Changes

Click Save to apply the Trusted URL.

Best Practices

• Only allow trusted and secure domains
• Avoid using overly broad URLs (e.g., wildcards) unless necessary
• Follow the principle of least privilege when selecting CSP directives
• Review and clean up unused Trusted URLs periodically