Ace the Site Readiness Assessment
After completing this unit, you’ll be able to:
- Identify best practices for passing the SRA.
- Use SRA results to prepare for your next project.
Deliver Shared Success
Your efforts to pass the SRA begin at the start of the project. If you make astute choices as you design and build the storefront, you’re sure to get the SRA team’s seal of approval to launch. In this unit, we share several best practices that set up you and the merchant for success.
Build a Fast and Stable Storefront
Waiting for a slow site is no fun. In fact, it’s a primary reason that customers abandon carts. To achieve optimal storefront performance and stability, we recommend the following.
- Iterate through search results no more than once.
- For frequently searched keywords, save and reuse search results.
- For high-volume sites, consider using asynchronous payment processing.
- Load test for 8 or more hours at an acceptable level of performance, as agreed upon by you and the merchant.
- Make your code compliant with Salesforce B2C Commerce quotas.
- Avoid using deprecated APIs.
Be Frugal with Session Variables
Websites use session variables to save data that’s needed across multiple browser pages. To ensure that the website runs efficiently, be judicious with your session variable use. Storing a lot of session data slows down the application server. It’s best to:
- Establish and stay within session object quotas.
- Limit the use of custom session variables.
- Avoid using session variables for large data sets such as wishlists.
Fine-Tune Your Data-Integration Jobs
Data-integration jobs automate the site’s content update process. You can automate inventory, pricing, and order export to other systems, and sometimes even catalog content updates. The SRA team checks that these update jobs perform well and without issue. Carefully review the data-integration section in the SRA workbook and make sure that all items function as designed. Here are some things to keep in mind.
- Schedule data-integration jobs during off-peak hours, and avoid running jobs on top of one another.
- Address errors logged to API and deprecation log files.
- Promptly fix jobs and processes that cause quota violations.
Build a Secure Storefront
When it comes to storefronts, fast is great, stable is great, but secure is most important. Customers trust that the storefront keeps their information secure. Here are our recommendations for this area.
Protect Payment Info
It’s crucial that the storefront protects customer payment information. Take the time to carefully review how you protect customer information for all payment methods: gift cards, coupons, gift certificates, credit cards, and other types of payment. We love to see:
- Order payment instrument retention settings set to expire in 1 year or less.
- Payment card industry (PCI) sensitive information, especially CVV values, not permanently stored.
Squeaky clean payment processing is crucial to storefront security.
No one wants their site hacked or their data stolen. Follow these Salesforce B2C Commerce recommendations to keep your site safe from hackers.
- Encrypt stored sensitive data.
- Perform checkout processing over Secure Sockets Layer (SSL).
- Prevent common attacks such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
- Never print or log clear-text that contains sensitive data or credentials.
Caching must be turned on in production, but be selective about which data you cache. Determine the optimal cache level for each page or page component.
- Always cache pages and page components that only display data common to all customers.
- Selectively cache pages and page components that display personalized data such as loyalty-tier pricing and promotions.
- Never cache pages or page components that display personal data such as customer name, account info, login status, session information, and shopping basket.
In some situations, it’s OK to cache personalized data. Here we distinguish between personal data, such as a customer’s name, and personalized data, such as pricing based on the customer’s loyalty tier. Consider a site that offers loyalty-tier pricing to customers. The customer’s tier dictates which price they see. The price isn’t personal, but it isn’t generic either. It’s personalized. For personalized information, use personalized caching. Cache several versions of the same page, one for each loyalty tier.
If a page displays personal data, never cache the entire page. However, you may be able to cache individual page components. For pages that contain multiple components, some with personal data and some with common data, use remote includes to cache individual components at different levels. For example, always cache common header and footer elements, but never cache any personal data on the header, such as login status.
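The caching rules above can be checked before the SRA with a small template lint. The following is an added example, not Salesforce code: it scans ISML source for an `<iscache>` tag and flags cached templates that render personal data locally or cache pricing without `varyby="price_promotion"`. The personal-data patterns, function names, and sample templates are assumptions constructed for illustration.

```javascript
// Added example: lint ISML templates against the page-caching rules.
// Patterns that suggest personal data (assumed; extend for your project).
const PERSONAL = [
  /customer\.profile/i,        // name, account info
  /customer\.authenticated/i,  // login status
  /\bsession\./i,              // session information
  /\bbasket\b/i,               // shopping basket
];
// Price and promotion output is personalized, not personal.
const PERSONALIZED = /\b(price|promotion)/i;

function lintTemplate(name, source) {
  const findings = [];
  const cacheTag = source.match(/<iscache\b[^>]*>/i);
  // Templates without caching, or with caching switched off, pass.
  if (!cacheTag || /status\s*=\s*"off"/i.test(cacheTag[0])) return findings;
  // Remote includes are requested and cached separately, so drop them,
  // then drop the cache tag itself so its attributes are not scanned.
  const body = source
    .replace(/<isinclude\b[^>]*\burl\s*=[^>]*>/gi, '')
    .replace(cacheTag[0], '');
  for (const re of PERSONAL) {
    const hit = body.match(re);
    if (hit) findings.push(`${name}: cached template renders personal data (${hit[0]})`);
  }
  const varies = /varyby\s*=\s*"price_promotion"/i.test(cacheTag[0]);
  if (PERSONALIZED.test(body) && !varies) {
    findings.push(`${name}: pricing cached without varyby="price_promotion"`);
  }
  return findings;
}

// Constructed sample templates, not taken from a real cartridge.
const SAMPLES = {
  'header_bad.isml': '<iscache type="relative" hour="24"/>\n' +
    '<span>Hello ${pdict.customer.profile.firstName}</span>',
  'header_ok.isml': '<iscache type="relative" hour="24"/>\n' +
    '<isinclude url="${URLUtils.url(\'Account-Header\')}"/>',
  'tile_bad.isml': '<iscache type="relative" hour="4"/>\n' +
    '<span>${pdict.product.price.sales.formatted}</span>',
  'tile_ok.isml': '<iscache type="relative" hour="4" varyby="price_promotion"/>\n' +
    '<span>${pdict.product.price.sales.formatted}</span>',
};

function lintAll(templates) {
  return Object.entries(templates).flatMap(([n, src]) => lintTemplate(n, src));
}
```

A pattern match is only a hint that a template needs review; the cache-hit and cache-miss reports remain the check on whether the chosen cache levels work.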
After load testing completes, the SRA team reviews the technical reports in the analytics section of the Business Manager tool. The technical reports detail the percentage of cache-hits and cache-misses of the pages served. If a page has a high cache-miss percentage, make page-cache adjustments.
Optimize for the Future
After you complete an SRA, there’s more you can do with the SRA results. Hold an internal retrospective to review the workbook in its entirety. The workbook is a candid, detailed account of the project. Pay special attention to tasks that were not initially approved. Strike up a conversation on how to get these right the first time. And why not use your SRA feedback when your company onboards new team members? Hire to fill gaps and share room-for-improvement insights with new hires.
Do you still feel unclear on certain items? To reduce the risk of hitting a snag on your next project, sign up for future enablement. Identify your internal skill gaps, then contact our Commerce Cloud Services team. Request hands-on help for your next project. It’s a surefire way to learn tips and tricks that improve your skills.
Think back to the start of the project. The merchant chose you to achieve goals that they couldn't reach by themselves, and they chose the SRA to promote quality. Together, we have a common objective to delight the merchant. When your site passes the SRA, it’s an endorsement that the storefront is ready for customers. And it’s confirmation that you delivered the storefront the merchant has dreamed of. Celebrate your job well done.
- Salesforce Help: Cross-Site Scripting
- Salesforce Help: B2C Commerce Security Guide
- Trailhead: Headless Implementation Strategies for B2C Commerce (see the Secure the Storefront unit)