SafeFrame is an API-capable iframe that provides a single, unified mechanism for communication between advertiser and publisher content. SafeFrame technology in Ad Manager provides transparent and rich interactions between page content and ads while preventing external access to sensitive data and providing more granular control over which creatives are rendered using the SafeFrame container with GPT (Google Publisher Tag).
IAB standards require publishers to update their websites to render ads inside SafeFrame containers. However, when using GPT tags, Ad Manager supports and automatically activates SafeFrame.
To minimize the chances of malicious creatives serving, we recommend activating SafeFrame whenever possible, in conjunction with the HTML5 sandbox attribute, to prevent top-level navigation.
googletag.SafeFrameConfig
Below is a configuration object for SafeFrame containers
Property Summary | |
---|---|
allowOverlayExpansion | Whether SafeFrame should allow ad content to expand by overlaying page content |
allowPushExpansion | Whether SafeFrame should allow ad content to expand by pushing page content |
sandbox | Whether SafeFrame should use the HTML5 sandbox attribute to prevent top-level navigation without user interaction |
useUniqueDomain | Deprecated. Whether SafeFrame should use randomized subdomains for reservation creatives |
setSafeFrameConfig example based on JavaScript
googletag.pubads().setForceSafeFrame(true); const pageConfig = { allowOverlayExpansion: true, allowPushExpansion: true, sandbox: true, }; const slotConfig = { allowOverlayExpansion: false }; googletag.pubads().setSafeFrameConfig(pageConfig); // The following slot will not allow for expansion by overlay. googletag .defineSlot("/1234567/sports", [160, 600], "div-1") .setSafeFrameConfig(slotConfig) .addService(googletag.pubads()); // The following slot will inherit the page level settings, and hence // would allow for expansion by overlay. googletag.defineSlot("/1234567/news", [160, 600], "div-2").addService(googletag.pubads()); googletag.display("div-1"); googletag.display("div-2");