Configure the Enforce HTTPS Global Preference

You can enforce the use of HTTPS for all sites in an instance. When this setting is enabled, URLs are generated using the HTTPS protocol, and incoming page requests that use HTTP are redirected to HTTPS. HTTP requests to OCAPI's session bridge aren't accepted. Also, instead of a combination of session cookies and secure tokens, secure session cookies are used, which helps avoid incorrect (false positive) session hijacking detections. You must enable the Enforce HTTPS global preference to let browsers send cookies in cross-site contexts.

  1. Select Administration > Global Preferences > Security.
  2. On the Access Restriction tab, select Enforce HTTPS.
  3. Click Apply.
When you enable the Enforce HTTPS setting globally, you can't configure it at the site level. If you disable the Enforce HTTPS global preference, the previous site-specific settings are used.
Related concepts
Enforce HTTPS
HTTPS / TLS
Declarative Security via HTTP Headers

© Copyright 2000-2023, Salesforce, Inc. All rights reserved. Various trademarks held by their respective owners.

 Show URL Submit FeedbackPrivacy Policy
X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.