Salesforce Security Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Share Objects and Fields
Strengthen Your Data’s Security with Shield Platform Encryption
Audit and Monitor Your Organization’s Security
Real-Time Event Monitoring
Real-Time Event Monitoring Definitions
Considerations for Using Real-Time Event Monitoring
Enable Access to Real-Time Event Monitoring
Stream and Store Event Data
Create Logout Event Triggers
How Chunking Works with ReportEvent and ListViewEvent
Enhanced Transaction Security
Threat Detection
Session Hijacking
Features of the Browser Fingerprint
Investigate Session Hijacking
Credential Stuffing
Report Anomaly
API Anomaly
Guest User Anomaly
View Threat Detection Events and Provide Feedback
Event Log File Browser
Store and Query Log Data with Event Log Objects
Security Guidelines for Apex and Visualforce Development
API End-of-Life Policy
PDF

Features of the Browser Fingerprint

A browser fingerprint is a collection of features that together identify a device. Salesforce uses these features to build a model of the user’s original browser fingerprint when they logged in. Salesforce uses this model to detect whether a user’s session was hijacked.
Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
Available in: Enterprise, Unlimited, and Developer Editions

Requires Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

Table 1. Features of Session Hijacking
Feature Name Description Example
window The window size, in pixels, of the browser. (750, 340)
userAgent HTTP Header that contains information about the browser, operating system, version, and more. Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10
timestamp Timestamp of the captured event. Usually in Coordinated Universal Time (UTC) format. 2020-03-03T03:10:10Z
screen The screen size, in pixels, of the browser. (1050.0,1680.0)
plugins JavaScript attribute that lists the activated browser plugins. Chrome PDF Plugin:Portable Document FormatChrome PDF Viewer
originApp The origin app of the fingerprint. Lightning
drm Whether DRM (Digital Rights Management) is enabled. 0, 1
dnt JavaScript attribute that indicates whether the user is requesting web sites and advertisers to not track them. enabled
webSockets Whether the browser used web sockets. true
sessionStorage Whether the browser used session storage. true
platform Browser-populated JavaScript attribute regarding the platform the browser is running on (window.navigator.platform). iPad
localStorage Whether local storage is used, extending beyond the duration of the session. false
ipAddress The IP address in the request. 96.43.144.26 or ”Salesforce.com IP”
indexDb Whether an indexed database is enabled for browser storage. true
fonts A hashed value of a list of browser fonts. 9wAt8IYAgO=
color The color depth of the browser. (24.0,24.0)