Create a Hostname Whitelist

Hostname whitelisting is when you provide a list of allowed hostnames to protect your site from certain host header attacks. Salesforce B2C Commerce is gradually introducing this functionality for all request types.

A B2C Commerce instance responds to a request only the hostname used was previously configured (whitelisted) by the instance owner. B2C Commerce-provided hostnames (ending with demandware.net) are always valid and don't need to be whitelisted explicitly.

Note: This feature doesn't apply to hostnames in storefront sites.
  1. Select Administration > Sites > Manage Sites.
  2. On the Storefront - Sites page, click the Manage the Business Manager site .
  3. On the Sites-Site - Settings page, click the Hostnames tab.
    A list of allowed hostnames appears. B2C Commerce provided hostnames and configured hostname aliases are automatically included.
  4. Enter up to 10 additional hostnames.
    If you want to access Business Manager with a customer-specific hostname (for example, staging.customer.com), you must add this hostname to the list of allowed hostnames. If you don't add this hostname, some new Business Manager modules (for example, the Promotions or Coupons modules) display an error message.