When we define a view or command as secured page using https in struts-config file then that will add a krypto parameter as shown in the below URL while redirecting. Krypto will have all the parameters encrypted as shown below. https://localhost/webapp/wcs/stores/servlet/OrderItemDisplayView?catalogId=10051&langId=-1&storeId=10151&krypto=aLt1shhBswovwONoDZJPI8liwcvzrdPaOx1EbnlkrQ3VPLOhpVtYeHFelH5HQ42q9hFv9GQY%2BQPV614V9IOvBtPrRYsDxyPw5BXJXgRz%2F2DsikPE0TLzXyYIzhkv6MTvGcLs8k1B0eNeiwUNT%2BbkNKyiNIs%3D If we want to prevent certain parameters to be exempted from being encrypted and added in the Krypto then we need to make an entry for those parameters in the wc-server.xml in the NonEncryptedParameters section. <NonEncryptedParameters display="false"> <Parameter name="storeId"/> <Parameter name="langId"/> <Parameter name="catalogId"/> <Parameter name="categoryId"/> <