Create a Hostname Allowlist

You can provide a list of allowed hostnames to protect your site from certain host header attacks.

A B2C Commerce instance responds to a request only when the instance owner added the hostname to the allowlist. B2C Commerce-provided instance hostnames (your.instance.hostname.example.com) are always valid. You don’t have to add them to the allowlist explicitly.

Note: This feature doesn't apply to hostnames in storefront sites.
  1. Select Administration > Sites > Manage Sites.
  2. On the Storefront - Sites page, click the Manage the Business Manager site.
  3. On the Sites-Site - Settings page, click the Hostnames tab.
    A list of allowed hostnames appears. B2C Commerce hostnames and configured hostname aliases are automatically included.
  4. Enter up to ten hostnames.
    If you want to access Business Manager with a customer-specific hostname (for example, staging.customer.com), add this hostname to the list of allowed hostnames. If you don't add the hostname, some Business Manager modules (for example, the Promotions or Coupons modules) display an error message.