At Facebook, we devote significant resources to improving the security of people’s accounts. We have a variety of internal systems that detect and block suspicious behavior, and today we announced the ability for people to access Facebook over a secure connection with HTTPS, which keeps account activity private even when they use Facebook from a public internet access point or Wi-Fi network.
This secure option is rolling out to users over the next few weeks, and will be available on an opt-in basis in the Account Security section of the Account Settings page. After enabling this feature, all of a user’s activity on Facebook will be served over a secure connection.
As part of this change, we have introduced a new field called “Secure Canvas URL” in the Developer App so Canvas iFrame developers can also serve their apps through a secure connection. When users with HTTPS enabled visit your app, we will load the iFrame using the secure URL you specify. If you do not provide a secure Canvas URL, we will display a confirmation page to let HTTPS users switch to HTTP and continue to your app.
We hope you’ll begin to offer your apps via HTTPS to help us heighten the security of Facebook users’ accounts. We also encourage you to enable the feature on your own account to secure your apps. We welcome your feedback in the comments below.