Leveraging HTTPS for Embedded Content in Salesforce
|Knowledge Article Number||000206331|
Salesforce can be configured to display external web apps or other websites from within the Salesforce app via several features, including Custom Tabs. Because the Salesforce app is delivered through an HTTPS connection, Custom Tabs rendered over HTTP connections may cause the browser to issue a warning to the user. However, even with this warning, standard browser security policy will prevent content hosted on an external domain from accessing the Salesforce application and data.