URL Scan Settings
Overview
The URL Scan Settings page is a separate tab in the Settings area. All settings are configured per Protection Profile. Select the profile you want to configure at the top of the page.
General Settings
| Setting | Description |
|---|---|
| URL Scanning | Master switch to enable or disable URL scanning for this profile. |
| Action | What happens when a threat is detected: Block (redirects to the Replacement URL; the original URL remains visible to the user), Allow & Notify (URL passes through but triggers a notification), or Remove (URL is deleted from the field entirely). |
| Security Threshold | Score between 0 and 100. URLs with a security score below this value are classified as malicious. Default: 50. |
| Productivity Threshold | Score between 0 and 100. URLs with a productivity score below this value are flagged for productivity concerns. Default: 50. |
Allow and Block Lists
Use allow and block lists to override scan results for known URLs.
| Setting | Description |
|---|---|
| Allowed URLs | Partial URL matches that skip scanning entirely. Enter patterns separated by semicolons (e.g., https://example.com;https://microsoft.com). |
| Blocked URLs | Partial URL matches that are always blocked without scanning. Enter patterns separated by semicolons. |
URLs on the allow list are never sent to the scan service. URLs on the block list are blocked immediately without doing a scan request.
Blocked Categories
Select URL categories that should be blocked regardless of their scan score.
Common categories include:
| Category | Description |
|---|---|
| Malware | Sites distributing malware or exploits |
| Phishing | Sites impersonating legitimate services |
| Spam | Sites associated with spam campaigns |
| Gambling | Online gambling platforms |
| Adult Content | Sites with explicit or adult material |
| Illegal Activities | Sites promoting illegal content |
| Anonymizers | Proxy and VPN services used to bypass controls |
When a URL matches a blocked category, the configured action is applied regardless of the security or productivity score.
Objects and Fields
Configure which Salesforce objects and fields are scanned for URLs and whether Click Protection is enabled per field.
| Column | Description |
|---|---|
| Object | The Salesforce object API name |
| Active | Whether URL scanning is enabled for this object |
| Field | The field API name on the object |
| Scan Enabled | Whether URLs in this field are scanned |
| Click Protection | Whether URLs in this field are replaced with safe redirect links (see Click Protection) |
Adding a new object requires deploying an Apex trigger first. See Click Protection: Adding Triggers for step by step instructions, including how to deploy triggers to production.
URL Scan Tester
The URL Scan Settings page includes a built-in test utility. Enter any URL manually to verify that scanning works correctly. The tester displays:
| Result | Description |
|---|---|
| Security Score | Numeric score from the scan service (0 = malicious, 100 = safe) |
| Productivity Score | Numeric score indicating productivity classification |
| Categories | URL categories detected by the scan service |
| Action | What action would be taken based on current configuration |
Maintenance
The URL Scan Settings page includes a Maintenance area for Click Protection cleanup.
Restore All Protected URLsRestores original URLs into every record where Click Protection replaced them with protected redirect links.
Before the job starts, the confirmation dialog shows how many protected URLs will be restored. After confirmation, the restore runs as a background job.
Important behavior:
- The action rewrites original URLs back into affected records.
- The job runs in the background.
- The action cannot be undone.
- You receive an in app notification when the job finishes.
- An Audit Trail entry is written for the restore action.
Use this only when you want to turn protected links back into their original URLs across affected records.