Salesforce B2C Commerce 24.7 > Administering Your Organization > Global Preferences > Security Settings

Configure the Enforce HTTPS Global Preference

You can enforce the use of HTTPS for all sites in an instance. When this setting is enabled, URLs are generated using the HTTPS protocol, and incoming page requests that use HTTP are redirected to HTTPS. HTTP requests to OCAPI's session bridge aren't accepted. Also, instead of a combination of session cookies and secure tokens, secure session cookies are used, which helps avoid incorrect (false positive) session hijacking detections. You must enable the Enforce HTTPS global preference to let browsers send cookies in cross-site contexts.

  1. Select Administration > Global Preferences > Security.
  2. On the Access Restriction tab, select Enforce HTTPS.
  3. Click Apply.
When you enable the Enforce HTTPS setting globally, you can't configure it at the site level. If you disable the Enforce HTTPS global preference, the previous site-specific settings are used.
Related concepts
Enforce HTTPS
HTTPS / TLS
Declarative Security via HTTP Headers

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.