Newer Version Available

This content describes an older version of this product. View Latest

Putting Visualforce Pages on External Domains

You can put your Visualforce content on trusted external domains using iframes after you whitelist the domains where you allow framing.

In Setup, search for Session Settings. Under Clickjack Protection, select Enable clickjack protection for customer Visualforce pages either with headers disabled or with standard headers. Both these options allow framing on whitelisted external domains and provide clickjack protection.

Then under Whitelisted Domains for Visualforce Inline Frames, add the trusted external domains where you allow framing. Ensure that your domain names meet format requirements.

After you whitelist external domains, Visualforce pages render with the X-Frame-Options and Content-Security-Policy HTTP headers set to allow framing by those domains.

This code shows how to frame a Visualforce page on an external domain.

1<html>
2    <head></head>
3    <body>
4        <iframe src="https://example--c.na44.visual.stmfa.stm.force.com/apex/iframe"></iframe>
5    </body>
6</html>