SafeFrame Implementation Guidelines

SafeFrame 2.0 is a managed API-enabled iframe that opens a line of communication between the publisher page and the iframe-contained ad creative. While an iframe restricts any activity between the ad and the page, the communication protocol available with SafeFrame enables rich interaction without risking page security. 


With adoption of SafeFrame 2.0, publishers, advertisers, and their vendors stand to gain from all the benefits the latest update offers. After six years since the last update, SafeFrame 2.0 brings simplicity, scalability, and innovation, all while maintaining the security for which SafeFrame was first intended.

Among the key benefits of SafeFrame 2.0 are:

Publisher Page Security

The isolation between publisher code and ad code enables publishers to maintain control of the page layout and limit interference from ads while still allowing rich interaction and select data collection. Using the SafeFrame API, publishers also have the ability to decide what website information (if any) should be exposed to which advertisers and vendors.

Consumer Privacy

Preventing access to the publisher’s page also protects consumer data. While SafeFrame shares information with ad served to its API-enabled iframe, the publisher chooses what to share and can protect sensitive consumer data. SafeFrame helps publishers ensure that consumer privacy preferences are honored.


With the implementation of SafeFrame, publishers can allow rich interaction from ads served to an iframe while maintaining page security. Not only does SafeFrame save hours of troubleshooting a broken page caused by ad scripts, the certification process for ad placement is reduced because ads served into the SafeFrame don’t don’t add the kind of risk that comes with direct access. Enabling rich media inventory within SafeFrame improves revenue potential while keeping operational costs under control.

Programmatic Support

Header bidding operations have increased over the years. While SafeFrame executes AFTER the header bidding process, the SafeFrame wrapper was often reject for lack of support in the programmatic process. The SafeFrame Working Group is working with programmatic providers that offer header bidding in an attempt to have features added to the process that better communicates the presence of SafeFrames. As these features are added ahead of SafeFrame 2.0 adoption, including SafeFrame equipped ads should become standard operating procedure.

Simplicity (and Innovation)

SafeFrame 2.0 was developed with simplicity in mind. The prescriptive host implementation was removed as well as any features that didn’t have anything to do with ad display. For example, other measurement solutions by vendors and standards like OpenMeasurement for Web replace measurement features from previous versions. Modern browser features such as Sandboxing, Feature Policy, and Intersection Observer are recommended for enhancing SafeFrame capabilities without weighing down the API.


During the 60-day public comment period, the SafeFrame Working Group needs participants to help draft guidelines for implementation and develop tools and strategies to support adoption. We also need your feedback on the draft released for public comment.

Reach out to Katie Stroud to provide feedback and/or to get involved. The more we work together, the better the solution will be.

Read the Press Release: IAB Tech Lab Releases SafeFrame 2.0 Secure Ad Container for Public Comment

Read the Blog Post: SafeFrame 2.0: Safer, Simpler and More Advanced

Download the SafeFrame 2.0 PDF for Public Comment


Download SafeFrame 1.0 (PDF)

Developed by the SafeFrame Implementation Working Group

IAB Tech Lab Contact

Katie Stroud
Senior Product Manager