Loading
헬프사이트 예정 유지보수에 관한 알림더 많이 읽기
메일 전송 도메인 확인 상태 안내더 많이 읽기

Iframe or Web Tab content displays a blank page

게시 일자: Jun 19, 2026
상세 설명

When Salesforce customers use iframes or Web Tabs to display external content, they may encounter a blank page with no content rendered. This issue occurs because modern browsers enforce security defenses against Clickjacking attacks by honoring the X-Frame-Options HTTP header. Clickjacking is a type of attack where malicious content is hidden inside a frame to trick users into taking unintended actions. Salesforce has also implemented its own Clickjacking defenses in the native UI. As a result, iframing Salesforce or iframing external websites that send X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN headers results in a blank page.

솔루션

Why iFrames No Longer Work

The X-Frame-Options header is enforced by the browser and by Salesforce's own Clickjacking defenses. No Salesforce configuration change can override a third-party website's X-Frame-Options settings. This is a browser-level security enforcement.

Workaround: Use Custom Links Instead of iFrames or Web Tabs

A custom link can deliver the target URL and open it in a way that avoids iframe restrictions entirely.

  1. In Salesforce Setup, navigate to Object Manager and select the relevant object.
  2. Go to Buttons, Links, and Actions and click New Button or Link.
  3. Set the display type to one of the following:
    1. Display in new window — Opens the URL in a new browser tab, bypassing iframe restrictions entirely.
    2. Display in existing window without sidebar or header — Opens the URL in the current browser window without the Salesforce chrome.
  4. Enter the destination URL and save the custom link.
  5. Add the custom link to the relevant page layout so users can access it.
Knowledge 기사 번호

000384802

 
로드 중
Salesforce Help | Article