Configure the Enforce HTTPS Global Preference

You can enforce the use of HTTPS for all sites in an instance. When you enable the global preference to enforce HTTPS, HTTP requests to OCAPI's session bridge aren't accepted. Also, instead of using a combination of session cookies and secure tokens, secure session cookies are used, which helps avoid incorrect (false positive) session hijacking detections.

  1. Select Administration > Global Preferences > Security.
  2. On the Access Restriction tab, select Enforce HTTPS.
  3. Click Apply.
When you enable the Enforce HTTPS setting globally, you can't configure it at the site level. If you disable the Enforce HTTPS global preference, the previous site-specific settings are used.