Security issues with iframe HTTPS on HTTPS page

Question

Security issues with iframe HTTPS on HTTPS page

Are there any security issues when installing an HTTPS iframe on an HTTPS page? Or, the safe one is that it looks like a single HTTPS page.

(Iframe content comes from a different domain, if that matters)

+3

html security https iframe

Ojen 26 Mar 12 at 14:34

source to share

1 answer

SecurityMatt · Accepted Answer · 2012-03-26T17:04:05+0000

There are no associated privacy implications when connecting compared to a regular HTTPS page, but keep in mind that you are doubling the number of servers and possibly companies involved.

Browser exploitation, pop-ups, and adware may be served in HTTPS mode, and visiting an HTTPS site that is outside your control could breach user privacy if the HTTPS URL reveals personal information about one of your users - for example, if you serve https://www.example.com/redir.php?url= + CURRENT_URL and you are logged in with a GET postback with the username and password in the url, you can expose this to third party sites.

Plus, there is no problem with embedding third-party HTTPS sites in your own HTTPS pages.

Security issues with iframe HTTPS on HTTPS page

More articles: