The SafeFrame 1.0 technology is a managed API-enabled iframe that opens a line of communication between the publisher page content and the iframe-contained external content, such as ads. Because of this line of communication, content served into a SafeFrame is afforded data collection and rich interaction, such as ad expansion, that is unavailable in a standard iframe.
To avoid disruptive ad behavior and the potential security risks of serving ads inline with the page, publishers may choose to have ad content served into an iframe.
An iframe is a sort of mini HTML page within the publisher-hosted page. Using the iframe, ad content is sequestered within the boundaries of the iframe and unable to access any information about the page where it is served. Without access to page content, ad content within the iframe cannot expand, interact dynamically with site visitors, or collect any data necessary in determining ad effectiveness.
The iframe solution protects the publisher, but it also limits ad capabilities and decreases the value of inventory that is restricted to iframes.
SafeFrame’s API-enabled iframe opens a line of communication between webpage code and the ad content in a controlled and transparent way. This communication allows for rich interaction while protecting the publisher’s page from undetected changes that might otherwise damage page integrity.
Download SafeFrame 1.0 (PDF)
The benefits that SafeFrames offer cannot be fully realized until several publishers have implemented the technology on their pages and ad developers and technology vendors have made necessary modification, if any, to support serving ads to publisher-implemented SafeFrames.
The SafeFrame working group has built an open-source reference implementation to encourage swift adoption in the marketplace, but ad developers and technology vendors should be patient as publishers make the transition to SafeFrame 1.0.
While SafeFrame shares information with ad content served to its API-enabled iframe, the publisher chooses what to share and can protect sensitive consumer information like personal email addresses, passwords, or even banking information.
The isolation between publisher code and ad code enables publishers to maintain control of the page layout and limit interference from ads while still allowing rich interaction and limited data collection. Using the SafeFrame API, publishers also have the ability to decide what website information (if any) should be exposed to which advertisers and vendors.
With the implementation of SafeFrame, publishers can allow rich interaction from ads served to an iframe while maintaining control that prevents ad code from breaking page function. Enabling rich media inventory within SafeFrame improves revenue potential while keeping operational costs under control.
Standardized Advertiser Layouts
Advertising technology providers may standardize their rich media ad code so that it can run on any publisher network that adheres to the SafeFrame API protocol, reducing operational costs.
Support for Viewability and other Industry Initiatives
SafeFrame 1.0 offers mechanisms to support viewable impressions under development by 3MS as well as the DAA’s AdChoices and other privacy initiatives. In fact, SafeFrame offers increased privacy controls previously unattainable in standard iframes. Also, the transparent communication enabled by SafeFrames establishes a foundation onto which support for other industry initiatives can be built.
Developed by the SafeFrame Implementation Working Group
IAB Tech Lab Contact
Senior Director, Product and Research & Development