When you create a custom Page Tab for your Facebook Fan Page, you must specify both a “Page Tab URL” and a “Secure Page Tab URL” in your Application “Basic” Settings:
Facebook announced the secure-hosting for Page Tabs requirement in October 2011.
Although we don’t know precisely how many of Facebook’s 800M+ users opt for secure browsing, I think you can safely assume it’s a very big number, likely in the tens of millions.
The “Secure Browsing” Option for Facebook
Users have the option to use Facebook under “secure browsing” where all URLs have an SSL Security Certificate and are much more secure. Page tabs index pages that aren’t hosted securely are not displayed to secure-browsing users.
The following is a breakdown of exactly what Facebook’s secure-browsing users see when viewing unsecure URLs while in Facebook.
The “Secure Browsing” option is selected by clicking on the arrow to the right of your picture in the top-right corner of Facebook when you’re logged in.
The path is: Account Settings > Security > Secure Browsing
What Secure-Browsing Users will See if you use HTTP for both URLs
Facebook forces you to enter a “Secure Page Tab URL” when you are creating your Page Tab application.
However, you CAN enter either an “http://” URL into the “Secure Page Tab URL” field OR a “https://” URL even if the domain of that URL doesn’t actually have an SSL Security Certificate.
If You Use “HTTP” for both the “Page Tab URL” and “Secure Page Tab URL”
If you decide to just use the HTTP URL for both fields:
Facebook will open your tab for secure-browsing users but no content will be displayed! Secure-browsing users will just see an empty box.
If You Use “HTTPS” for the “Secure Page Tab URL” but the Page is NOT Secure
If you decide just to use “https://” for the “Secure Page Tab URL” but the Web page which you specify ISN’T secure (the domain doesn’t have an SSL Security Certificate):
Then secure-browsing Facebook users will still not see your tab content BUT the security warnings they see will depend on the browser they’re using.
“This connection is Untrusted”
“Content was blocked because it was not signed by a valid security certificate”
“This webpage is not available – The webpage at https://www.hyperarts.com/social-media/insecure/insecure.html might be temporarily down or it may have moved permanently to a new web address. Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.”
“Safari can’t verify the identity of the website ‘www.domain.com'”
The Takeaway: Make sure your Facebook Page Tab is Secure!
It makes no sense for you to create a Facebook Page Tab that millions of users won’t be able to see. The takeaway: Make sure you host your Page Tab index pages under a domain that has an SSL Security Certificate!