Before we get into code, let me ask you something:Would you be okay if a customer found your staging environment on Google?Because it’s happening. Right now.Thousands of Salesforce Commerce Cloud sandboxes and staging environments are publicly indexed on Google. Real subdomains, with fake products, broken payment flows, and half-finished campaigns... all visible with a quick search.We’re not making this up. Just type:<pre><code class="language-bash">site:dx.commercecloud.salesforce.com </code></pre>You'll find live sandboxes from stores all around the world. Some even let you add to cart. Others show test credit card flows. Beauty stores, tech retailers, luxury fashion... indexed by Google and available to anyone. Including your competitors.So why is this happening?Because someone forgot to set up a single file: <code>robots.txt</code>.Let’s be clear. This file doesn’t protect your site with encryption or passwords. It just sends a message to crawlers like Googlebot, Bingbot, Yandex, etc., telling them what to index and what to skip.But when you don’t say anything, crawlers do whatever they want. And guess what? They love discovering new sites, especially ones that are half-broken and still in development.Salesforce B2C Commerce gives you multiple options to configure this in Business Manager, under Merchant Tools &gt; SEO &gt; Robots.You can:<ol><li>Allow everything (great for production)</li><li>Block everything (mandatory for staging and sandbox)</li><li>Or paste a custom file with full control</li></ol>You can even manage it from the cartridge, but good luck pushing urgent changes if that’s your only option. You’ll need a full deployment, QA, code review... the usual drama.And here's a bonus tip most people miss: if your site is set to Online Protected, Salesforce auto-generates a blocking <code>robots.txt</code>. Sounds great, right?Until someone disables the password protection.Boom. Your staging site is now live and fully crawlable, and you didn’t even notice.We explain all of this, step by step, in the <a target="" rel="noopener noreferrer" href="https://www.sfcclearning.com/course-detail/304-beyond-the-basics-advanced-sfcc-configuration/26440/">Advanced SFCC Configuration course</a>, including examples, gotchas, and how to safely manage this across all your environments. If you care about SEO, brand reputation, or simply not looking like an amateur... this is the stuff no one tells you.👉 <a target="_new" rel="noopener" class="" href="https://www.sfcclearning.com/course-detail/304-beyond-the-basics-advanced-sfcc-configuration/26440/">Check out the course here</a><hr>And if you want more content like this...👇👇 <a target="" href="https://www.sfcclearning.com/subscribe/"> Subscribe for free</a>

Learn how a simple misconfiguration in the robots.txt file can expose your sandbox to Google. Discover how to correctly manage SEO visibility in SFCC and protect your store from unwanted surprises.

The Most Dangerous File in Your B2C Store (And It’s Only 1KB)

Discover expert insights, best practices, and in-depth guides on Salesforce Commerce Cloud. Stay ahead with SFCC Success Secrets and optimize your e-commerce strategy today!

The Most Dangerous File in Your B2C Store (And It’s Only 1KB)

The Most Dangerous File in Your B2C Store (And It’s Only 1KB)

Related Posts

Protecting Your Storefront: Cross-Site Request Forgery (CSRF) in Salesforce Commerce Cloud