Whitelists

The whitelist feature allows web content to load in to Web HMI.

Be aware that some websites programmatically ensure that their content does not appear inside of an iframe. Additionally, the Web HMI client only displays content loaded using the HTTPS protocol, which can prohibit the ability to host certain websites that store both HTTP and HTTPS content.

Web HMI conforms to the Content Security Policy (CSP) security to detect and mitigate attacks, such as cross-site scripting. CSP provides a standard method for website owners to declare approved origins of content that browsers can load on their websites. Web HMI returns each HTTPS response with a Content-Security-Policy field in its header containing a list of approved (as safe) domain names that web browsers can load. You define this list in the whitelist field of the Reverse Proxy configuration file, as explained in Set up a Whitelist.