Health Check Has New Security Settings

Security Health Check has six new settings. These changes apply to both Lightning Experience and Salesforce Classic.
We added the following high-risk security setting.
  • Require Secure Connections (https) for all third-party domains
We added these medium-risk security settings.
  • Enable Content Security Policy protection for email templates
  • Enable XSS protection
  • Enable Content Sniffing protection
We added the following low-risk security settings.
  • Require identity verification during two-factor authentication registration
  • Require identity verification for change of email address