Print this page

Leveraging HTTPS for Embedded Content in Salesforce

Knowledge Article Number 000206331

Salesforce can be configured to display external web apps or other websites from within the Salesforce app via several features, including Custom Tabs. Because the Salesforce app is delivered through an HTTPS connection, Custom Tabs rendered over HTTP connections may cause the browser to issue a warning to the user. However, even with this warning, standard browser security policy will prevent content hosted on an external domain from accessing the Salesforce application and data.

Salesforce’s best practice is to leverage HTTPS for all external web apps and websites embedded in Salesforce, as well as their associated tags. We recommend customers who embed content in Salesforce also implement this security best practice as an extra layer of protection.

promote demote