Security issues with iframe HTTPS on HTTPS page

Are there any security issues when installing an HTTPS iframe on an HTTPS page? Or, the safe one is that it looks like a single HTTPS page.

(Iframe content comes from a different domain, if that matters)


source to share

1 answer

There are no associated privacy implications when connecting compared to a regular HTTPS page, but keep in mind that you are doubling the number of servers and possibly companies involved.

Browser exploitation, pop-ups, and adware may be served in HTTPS mode, and visiting an HTTPS site that is outside your control could breach user privacy if the HTTPS URL reveals personal information about one of your users - for example, if you serve + CURRENT_URL and you are logged in with a GET postback with the username and password in the url, you can expose this to third party sites.

Plus, there is no problem with embedding third-party HTTPS sites in your own HTTPS pages.



All Articles