Salesforce B2C Commerce 24.5 > Administering Your Organization > Global Preferences > Security Settings

Configure the Enforce HTTPS Global Preference

⚠️ The annual cost of maintaining the server where this website is hosted, the domain, and keeping it up-to-date is approximately €3,000 per year. Help us with a small donation to cover these expenses. Support Now!

0 / 10000

You can enforce the use of HTTPS for all sites in an instance. When this setting is enabled, URLs are generated using the HTTPS protocol, and incoming page requests that use HTTP are redirected to HTTPS. HTTP requests to OCAPI's session bridge aren't accepted. Also, instead of a combination of session cookies and secure tokens, secure session cookies are used, which helps avoid incorrect (false positive) session hijacking detections. You must enable the Enforce HTTPS global preference to let browsers send cookies in cross-site contexts.

  1. Select Administration > Global Preferences > Security.
  2. On the Access Restriction tab, select Enforce HTTPS.
  3. Click Apply.
When you enable the Enforce HTTPS setting globally, you can't configure it at the site level. If you disable the Enforce HTTPS global preference, the previous site-specific settings are used.
Related concepts
Enforce HTTPS
HTTPS / TLS
Declarative Security via HTTP Headers

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.