          Declarative Security via HTTP Headers in B2C Commerce


          You can use declarative security controls as a strong line of defense against client browser-based attacks such as clickjacking, and to turn on built-in browser protection against cross-site scripting (XSS). The OWASP Secure Headers Project describes HTTP response headers that your application can use to increase its security.

          The B2C Commerce APIs and the Storefront Reference Architecture (SFRA) provide this capability. You can set HTTP headers on an HTTP response using the addHttpHeader() method on the Response object. If your storefront or cartridge is SFRA-based, you can use the httpHeadersConf.json file to automatically set HTTP response headers on all responses.
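
As an added example (not Salesforce's or SFRA's own code), the function below applies a list of header entries through `addHttpHeader()`, rejects malformed entries, and reports which baseline headers were never set. The `{ id, value }` entry shape, the baseline list, and the stub response object are assumptions made for illustration.

```javascript
// Constructed sample config; the { id, value } entry shape is an assumption.
var sampleConf = [
    { id: 'X-Frame-Options', value: 'SAMEORIGIN' },
    { id: 'X-Content-Type-Options', value: 'nosniff' },
    { id: 'Content-Security-Policy', value: "frame-ancestors 'self'" },
    { id: 'X-Bad', value: 'line1\r\nline2' } // constructed malformed entry
];

// Headers this example treats as a minimum baseline (an assumption, not a Salesforce list).
var BASELINE = ['x-frame-options', 'x-content-type-options', 'content-security-policy'];

// Applies each entry via addHttpHeader() and reports what was set, rejected, or missing.
function applySecurityHeaders(res, conf) {
    var report = { applied: [], rejected: [], missing: [] };
    var seen = {};
    conf.forEach(function (entry) {
        var id = String(entry.id || '').trim();
        var value = String(entry.value || '');
        // Reject invalid names, empty values, and CR/LF (which would split the response).
        if (!/^[A-Za-z0-9-]+$/.test(id) || value === '' || /[\r\n]/.test(value)) {
            report.rejected.push(id);
            return;
        }
        res.addHttpHeader(id, value);
        seen[id.toLowerCase()] = true;
        report.applied.push(id);
    });
    report.missing = BASELINE.filter(function (name) { return !seen[name]; });
    return report;
}

// Stand-in for the platform Response object so the example runs offline.
function makeStubResponse() {
    var headers = {};
    return {
        headers: headers,
        addHttpHeader: function (name, value) { headers[name] = value; }
    };
}
```

In a controller or hook, pass the platform `response` object in place of the stub and log `report.rejected` and `report.missing` so configuration gaps surface before release.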

          Declarative security controls via HTTP headers and other client browser-based protections take effect only if the client’s browser supports the feature. Check the B2C Commerce list of supported browsers before relying on a header to cover all supported user environments.

           