Loading

Iframe or Web Tab content displays a blank page

Date de publication: Jun 19, 2026
Description

When Salesforce customers use iframes or Web Tabs to display external content, they may encounter a blank page with no content rendered. This issue occurs because modern browsers enforce security defenses against Clickjacking attacks by honoring the X-Frame-Options HTTP header. Clickjacking is a type of attack where malicious content is hidden inside a frame to trick users into taking unintended actions. Salesforce has also implemented its own Clickjacking defenses in the native UI. As a result, iframing Salesforce or iframing external websites that send X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN headers results in a blank page.

Résolution

Why iFrames No Longer Work

The X-Frame-Options header is enforced by the browser and by Salesforce's own Clickjacking defenses. No Salesforce configuration change can override a third-party website's X-Frame-Options settings. This is a browser-level security enforcement.

Workaround: Use Custom Links Instead of iFrames or Web Tabs

A custom link can deliver the target URL and open it in a way that avoids iframe restrictions entirely.

  1. In Salesforce Setup, navigate to Object Manager and select the relevant object.
  2. Go to Buttons, Links, and Actions and click New Button or Link.
  3. Set the display type to one of the following:
    1. Display in new window — Opens the URL in a new browser tab, bypassing iframe restrictions entirely.
    2. Display in existing window without sidebar or header — Opens the URL in the current browser window without the Salesforce chrome.
  4. Enter the destination URL and save the custom link.
  5. Add the custom link to the relevant page layout so users can access it.
Numéro d’article de la base de connaissances

000384802

 
Chargement
Salesforce Help | Article