What is SafeFrame and how publishers can benefit

Brock Munro
December 22, 2021
March 20, 2024
What is SafeFrame and how publishers can benefit

At its core, SafeFrame is an API-enabled iFrame, one designed to allow digital publishers to maximize their ad revenue without forfeiting control over their web page layouts or data sharing. 

With the Interactive Advertising Bureau (IAB) poised to overhaul SafeFrame from 2022, there has never been a better time for digital publishers to get up to speed on the advertising protocol.

SafeFrame's origins date back to 2013 when a group of volunteers from some of the world's biggest tech giants came together to address the technical and logistical challenges of iFrame.

Let's quickly review iFrames, their advantages and disadvantages before discussing SafeFrames' value proposition.

Table of contents:

What is an iFrame?

What are publisher-side files (PSFs)?

So how does a SafeFrame work?

What are SafeFrame's benefits?

How do I enable SafeFrame in Google Ad Manager?

Where is SafeFrame heading?


What is an iFrame?

To truly understand how SafeFrames work, and why they are so important to both publishers and advertisers, it's crucial that we first have a firm grasp of iFrame's workings and intended goal.

The iFrame is an HTML code that publishers can insert into the code of their web pages, thereby providing a fixed display window for third-party content such as videos or adverts. 

Well-known examples of sites that use iFrames are YouTube, Google Maps and Flickr.

iFrame pros and cons  

The attraction of an iFrame is that it isolates and prevents ad code, delivered from an ad network such as AdSense, from interacting with the page content.

This isolation is beneficial for publishers as it prevents ad content from affecting how the rest of the page functions. Moreover, it also prevents ads from collecting sensitive user data.

But iFrames' most significant advantages, namely their intractable dimensions and prevention of user interaction, also mean they provide very inflexible advertising.

Ad dimensions are not displayed correctly, ads cannot dynamically interact with site visitors, and the collection of viewability and performance data — essential metrics for both advertisers and publishers — is also off-limits.

Overcoming the iFrame's disadvantage

Publishers can overcome these limitations by working with advertisers to place JavaScript code within the web page code. JavaScript allows for the resizing of an iFrame and the use of interactive ads. While this sounds like an easy fix, there are also certain downsides to this approach.

Inserting JavaScript grants it permission to read and change almost anything about the host web page. This means that a publisher must trust that the advertiser will not intentionally or unintentionally serve ad content that acts in bad faith — such as data collection.

From a purely technical aspect, that control can lead to the unexpected distortion of page layouts while also opening the door to code conflicts that can leave either the ad, webpage or both broken.

One solution is to use publisher-side files (PSFs).

What are publisher-side files (PSFs)?

PSFs are custom JavaScript codes created by advertisers for use on publisher websites and dictate what an iFrame can and can't access.

Such files open the door to serving rich media ads, while also preserving publisher control and protecting sensitive consumer data, such as personal email addresses.

Of course, the downside is that publishers are left managing and maintaining an ever-expanding list of ad-specific pub-side files.

The simplest solution to these issues, then, is to adopt the IAB's Safeframe standard.

So how does a SafeFrame work?

SafeFrame is an open-source technology pioneered and released by a working group of volunteers from 21 Interactive Advertising Bureau (IAB) member companies in 2013. It received a minor update in 2014.

Executives from Yahoo! and Microsoft led the group initiative, which included volunteers from the likes of Adobe Systems, AOL & ADTECH, CBS Interactive, Disney Interactive Media and Google.

The IAB describes SafeFrame as a "managed API-enabled iFrame that opens a line of communication between the publisher page and the iFrame-contained ad creative".

The SafeFrame's communication protocol not only overcomes iFrame restrictions on ad and web page interaction, paving the way for the use of rich media ads, but does so without risking page security.

Secondary servers

Publishers run SafeFrame in a secondary domain, with the IAB recommending that this be on a content delivery network (CDN) to improve performance and availability.

The IAB describes this secondary domain as an "agnostic processing space" that sits between a web page and an ad server.

What this means, in practice, is that advertisers can use standardized JavaScript code in their ads, sending them to multiple publishers' secondary domains. From there, the ads are processed and funneled to the appropriate iFrame.

This process has several immediate advantages.

What are SafeFrame's benefits?

SafeFrame's benefits revolve around consumer protection, publisher control, advertising code standardization and support for viewable impressions.

Using SafeFrame technology, the publisher controls what information is shared with advertisers, while also ensuring that sensitive data remains protected.

The rise of data protection acts, such as the EU's publication of General Data Protection Regulation (GPDR) in 2016, has made protecting consumer data more vital than ever.

The SafeFrame protocol gives publishers all the advantages of a traditional iFrame – e.g., isolating ad code to preserve page integrity – while enabling rich media inventory and some data collection. Not only does this improve revenue, but automation and standardization keep both publisher and advertiser costs down.

Meanwhile, serving ads into a SafeFrame can also cut down on the ad placement certification process as they don't carry the same risks as granting advertisers direct web page access.

How do I enable SafeFrame in Google Ad Manager?

Google recommends activating SafeFrame within Google Ad Manager whenever possible to minimize the chance of malicious ads being served.

Google Ad Manager allows you to control whether an ad is rendered using a SafeFrame for four types of ad creatives:

  • Third-party creative (default on)
  • Custom creative (default on)
  • Standard creative templates (default off)
  • Custom creative templates (default off)

Given that potential conflicts surrounding unsuitable ad content served to a non-SafeFrame page, and vice versa, it is critical to understand the different ad creatives before activating SafeFrame.

To ensure that ad slots can use SafeFrame, you can open Google Publisher Console and search "iFrame type". The ad slot will either read as "none" or "SafeFrame".

Where is SafeFrame heading?

After releasing SafeFrame 1.1 in 2014, IAB Tech Lab went quiet for a number of years. The group only released SafeFrame 2.0 for a 60-day public consultation in the middle of last year.

In addition to pre-existing benefits, IAB promised SafeFrame 2.0 would include support for programmatic ads. The IAB said that despite SafeFrame executing after the header bidding process, the wrapper was often rejected over a lack of support in the programmatic process.

The bureau added that it was working with programmatic providers to add features to the process that would better communicate the presence of SafeFrames.

Measurement and MRAID

SafeFrame 2.0 will also introduce replacement measurement features from previous versions with vendor-specific measurement solutions and standards, with OpenMeasurement for Web cited as one example.

Aligning SafeFrame with Mobile Rich Media Ad Interface Definition (MRAID) to simplify ad conversion from mobile to web, and vice versa, was also flagged up.

However, feedback over the planned MRAID alignment encouraged the IAB to start over rather than "complete a stop-gap release for SafeFrame".

SHARC spotted

As such, the team is now focused on creating a single standard that will allow the safe execution of rich media ads on both web and mobile.

The IAB aims to release this new technology, tentatively named Safe HTML Ad Richmedia Container (SHARC), for public consultation in early 2022.


SafeFrame represents a significant leap forward for digital publishers in terms of allowing them to maximize their web page ad revenue.

While publishers must implement the protocols themselves, doing so opens up new revenue opportunities, decreases maintenance and operational costs, and boosts website security.

While SHARC's arrival is just over the horizon, SafeFrame's current benefits are more than enough to justify digital publishers taking a closer look at the ad technology now.

Publift helps digital publishers get the most out of the ads on their websites. Publift has helped its clients realize an average 55% uplift in ad revenue since 2015,  through the use of cutting-edge programmatic advertising technology paired with impartial and ethical guidance.

If you’re making more than $2,000 in monthly ad revenue, contact us today to learn more about how Publift can help increase your ad revenue and best optimize the ad space available on your website or app.

Grow with us

Grow your business with a sustainable, long term partnership. If you're making more than $2,000 in monthly ad revenue, contact us today to boost your revenue with our all-in-one solution.
Laptop screen with web page open

Success Stories