Salesforce B2C Commerce 24.7 > Developing Your Site > Create and Manage Sites for Development

Create a Hostname Allowlist

You can provide a list of allowed hostnames to protect your site from certain host header attacks.

A B2C Commerce instance responds to a request only when the instance owner added the hostname to the allowlist. B2C Commerce-provided instance hostnames (your.instance.hostname.example.com) are always valid. You don’t have to add them to the allowlist explicitly.

Note: This feature doesn't apply to hostnames in storefront sites.
  1. Select Administration > Sites > Manage Sites.
  2. On the Storefront - Sites page, click the Manage the Business Manager site.
  3. On the Sites-Site - Settings page, click the Hostnames tab.
    A list of allowed hostnames appears. B2C Commerce hostnames and configured hostname aliases are automatically included.
  4. Enter up to ten hostnames.
    If you want to access Business Manager with a customer-specific hostname (for example, staging.customer.com), add this hostname to the list of allowed hostnames. If you don't add the hostname, some Business Manager modules (for example, the Promotions or Coupons modules) display an error message.
Related concepts
Continuing Development of a Storefront in Production
Related tasks
Create a Site in Business Manager
Disable Page Caching for Development
Disable a Site in Business Manager
View the Storefront

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.