The countdown has officially begun.
Salesforce administrators need to stay current with the platform’s constant progression. Every year brings three distinct release cycles– Spring, Summer, and Winter – each packed with innovative capabilities and refinements designed to strengthen the user experience across the globe.
With the upcoming Salesforce Spring ’26 release, brings an important and critical update. This time it is not just a nice to have but an ACTION REQUIRED issue:
The long-standing safety net of automatic URL redirections for legacy (non-enhanced) ‘My Domain’ hostnames will be permanently removed.If you enabled Enhanced Domains in 2023 but never fully transitioned away from your old links, this change is a high-priority risk that requires immediate action to ensure business continuity.
1. What’s Changing and Why?
For several years, Salesforce has been moving customers to Enhanced Domains, which embed your company’s ‘My Domain’ name into all your Salesforce URLs, including those for Experience Cloud sites, Visualforce pages, and content files.
The Change
When you originally enabled Enhanced Domains, Salesforce automatically kept legacy redirections active. This meant that if a user or integration hit an old, non-enhanced URL (e.g., one containing your instance name like na44.lightning.force.com), they would still be successfully redirected to the new, enhanced URL.
Starting with Spring ’26, this automatic redirection mechanism will be retired permanently. If a user or system tries to access an old link, the redirection will fail, resulting in a 404 Page Not Found error or blocked access.
The Why (Security and Compliance)
This change is driven by a core need to align with modern web security standards. Enhanced Domains:
- Comply with Latest Browser Requirements: They eliminate issues related to third-party cookies, ensuring seamless operation across browsers that are increasingly restrictive about cross-site tracking.
- Provide URL Stability: Your URLs remain stable even if your Salesforce org is moved to a different instance.
Enhance Security: By removing instance names and adopting a consistent, standardized format, the URLs are inherently more secure and less vulnerable to certain types of URL-based attacks.
2. Who Will It Affect and How?
This change primarily impacts organizations that still have references to their older, non-enhanced URLs embedded in their architecture, code, or user practices.
Affected Area
- End Users
- Integrations
- Authentication
- Custom Code & Files
- Experience Sites
Potential Impact (How)
- Bookmarks and shared links will break, leading to access errors and frustration.
- Hard-coded API calls, Web-to-Lead/Case forms, and external systems pointing to old endpoints will fail.
- Single Sign-On (SSO) setups, third-party authentication providers, and Named Credentials using legacy URLs will break, potentially locking out users or systems.
- Visualforce pages, custom apps, content delivery networks (CDNs), and email templates with hardcoded links to old URLs will display broken content or images.
- Public-facing websites or customer portals still using the old *.force.com site URLs will become inaccessible.
3. When is This Happening? (The Timeline)
The permanent enforcement date is tied to the Spring ’26 release. However, Salesforce has been gradually disabling this feature to encourage readiness.
Release
- Winter ’25
- Summer ’25
- Winter ’26
- Spring ’26
Date (Approx.)
- Aug/Sept 2024
- May/June 2025
- Oct/Nov 2025
- Jan/Feb 2026
Impact & Control
- Redirections stopped in most non-production orgs (sandboxes, Developer Edition, etc.).
- Redirections disabled by default in production/demo orgs, but you could still re-enable them in My Domain settings.
- Redirections disabled by default in production/demo orgs. You must opt-out via the "Maintain legacy redirections" setting to delay.
- Permanent Enforcement. Redirections stop completely and cannot be re-enabled.
4. Actions to Take Now
To avoid major disruption, your organization must complete a comprehensive URL audit and update plan before Spring ’26.
Step 1: Identify All Legacy References (The Audit)
- Enable Redirection Logging: In Setup, go to My Domain > Redirections and enable Log Redirections. This generates event logs that track every time a user or system is redirected from an old URL. Review these logs daily.
- Use Release Updates: Go to Setup and search for Release Updates. Find the task named Update References to Legacy Host Names and follow its steps.
- Search Metadata: Use developer tools (like VS Code or the Developer Console) to search your org’s metadata for hardcoded references containing instance names (naXX, euXX, etc.) or old domain suffixes (.force.com, .visual.force.com).
Step 2: Update References in Key Areas
The critical path for updates includes:
- Integrations: Update all external API endpoints, third-party applications, and connected apps.
- Authentication: Reconfigure all Single Sign-On (SSO) settings (IdP and SP metadata), Auth Providers, and Named Credentials.
- Custom Code: Update all hardcoded URLs in Visualforce pages, Apex classes, and Lightning web components.
- External Assets: Update links in email templates, marketing materials, company websites, social media profiles, and documents.
Step 3: Test and Finalize
- Disable and Test: The best way to simulate the Spring ’26 enforcement is to temporarily disable legacy redirections in a sandbox org. This will immediately expose all failing links and integrations.
- Communicate: Notify your users and partners that old bookmarks and links will soon cease to work and provide them with the new, enhanced domain URLs.
Start your URL audit and update process today to ensure a smooth transition into Spring ’26.
Don’t wait until Winter ’26 when the automatic disablement could catch you off guard
Contact us today for any further support and additional information