Contact Us
  • When Facebook Users Opt for Secure Browsing, What Do They See on Non-Secure Page Tabs?

    When you create a custom Page Tab for your Facebook Fan Page, you must specify both a “Page Tab URL” and a “Secure Page Tab URL” in your Application “Basic” Settings:

    Facebook Application Basic Settings

    Facebook announced the secure-hosting for Page Tabs requirement in October 2011.

    Although we don’t know precisely how many of Facebook’s 800M+ users opt for secure browsing, I think you can safely assume it’s a very big number, likely in the tens of millions.

    The “Secure Browsing” Option for Facebook

    Users have the option to use Facebook under “secure browsing” where all URLs have an SSL Security Certificate and are much more secure. Page tabs index pages that aren’t hosted securely are not displayed to secure-browsing users.

    The following is a breakdown of exactly what Facebook’s secure-browsing users see when viewing unsecure URLs while in Facebook.

    The “Secure Browsing” option is selected by clicking on the arrow to the right of your picture in the top-right corner of Facebook when you’re logged in.

    Facebook Secure Browsing Option

    The path is: Account Settings > Security > Secure Browsing

    What Secure-Browsing Users will See if you use HTTP for both URLs

    Facebook forces you to enter a “Secure Page Tab URL” when you are creating your Page Tab application.

    View our classic example of a Page Tab that tries to “fake” HTTPS by using “https://” for domain that doesn’t have an SSL Security Certificate. (Make sure you’re using “secure browsing” in your Facebook settings!)

    However, you CAN enter either an “http://” URL into the “Secure Page Tab URL” field OR a “https://” URL even if the domain of that URL doesn’t actually have an SSL Security Certificate.

    If You Use “HTTP” for both the “Page Tab URL” and “Secure Page Tab URL”

    If you decide to just use the HTTP URL for both fields:

    App Settings Use HTTP for both URL fields

    Facebook will open your tab for secure-browsing users but no content will be displayed! Secure-browsing users will just see an empty box.

    If You Use “HTTPS” for the “Secure Page Tab URL” but the Page is NOT Secure

    If you decide just to use “https://” for the “Secure Page Tab URL” but the Web page which you specify ISN’T secure (the domain doesn’t have an SSL Security Certificate):

    Facebook App Settings HTTP and HTTPS, but not really secure

    Then secure-browsing Facebook users will still not see your tab content BUT the security warnings they see will depend on the browser they’re using.

    “This connection is Untrusted”

    Firefox Security Warning - "This Connection is Untrusted"

    Internet Explorer
    “Content was blocked because it was not signed by a valid security certificate”

    Internet Explorer - "Content was blocked because it was not signed by a valid security certificate"

    Google Chrome
    “This webpage is not available – The webpage at might be temporarily down or it may have moved permanently to a new web address. Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.”

    Google Chrome Security Warning: "This webpage is not available"

    “Safari can’t verify the identity of the website ‘'”

    Safari Security Warning: "Safari can't verify the identity of the website"

    The Takeaway: Make sure your Facebook Page Tab is Secure!

    It makes no sense for you to create a Facebook Page Tab that millions of users won’t be able to see. The takeaway: Make sure you host your Page Tab index pages under a domain that has an SSL Security Certificate!

    Additional Resources

    Speak Your Mind