Set HSTS for Business Manager in Global Preferences


HTTP Strict Transport Security (HSTS) can substantially improve the security of the Business Manager. It secures Business Manager by instructing web browsers to access the domain using only HTTPS.

Web browsers check the Business Manager HTTP header for information on HSTS. When the web browser reads a max age for HSTS, the browser doesn't check the header again until the max age has expired. Because a web browser checks the header only after the max age has passed, you can't manually disable HSTS. You can change the max age at any time, but you can update HSTS only on an HTTPS connection. Choosing Cease signals to the User Agent to stop regarding the host as a known HSTS Host.
  1. In Business Manager, select Administration > Global Preferences > Security.
  2. Select Access Restriction.
  3. Select Max-Age.
  4. Review and accept the acknowledgment message.
  5. Select one of the pre-defined values.
  6. Click Apply.
Note: Enabling HSTS requires the site to run entirely over HTTPS with a valid certificate in place. Otherwise, your browser can no longer access the site. For this reason, consider increasing the max-age setting in stages. For example, to confirm that access to the instance works properly with HSTS enabled, increase the max-age value from five minutes, to one hour, to one day, and then to 180 days or more.
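
To confirm which stage an instance is actually serving after you click Apply, read the `Strict-Transport-Security` value from an HTTPS response and parse it. The following is an added example, not part of the Business Manager documentation: the function names and sample header values are constructed, the second equivalents of the stages are computed from the note above, and the parsing rules follow RFC 6797.

```python
import re

# Staged max-age values from the note above, converted to seconds.
STAGES = {300: "five minutes", 3600: "one hour",
          86400: "one day", 15552000: "180 days"}

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is malformed and a browser would ignore the header.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # the value may be a quoted-string
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = val
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be whole seconds
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def describe(value):
    """Summarise what a browser does with this header value."""
    policy = parse_hsts(value)
    if policy is None:
        return "invalid: header ignored, existing policy unchanged"
    if policy["max_age"] == 0:
        return "cease: browser stops treating the host as a known HSTS host"
    stage = STAGES.get(policy["max_age"], "custom value")
    return f"enforce HTTPS for {policy['max_age']} s ({stage})"

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real instance.
    for sample in ["max-age=300", "max-age=15552000; includeSubDomains",
                   "max-age=0", "includeSubDomains", 'Max-Age="3600"']:
        print(f"{sample!r:45} -> {describe(sample)}")
```

Run the check against each stage before moving to the next one, so that a certificate or redirect problem shows up while the policy still expires within minutes.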