There was an unexpected error authorizing you. Please try again.

SafeFrame Implementation Guidelines

Note: SafeFrame work has shifted to the new Safe HTML Ad Richmedia Container (SHARC), scheduled for release to public comment in early 2022. The SafeFrame working group has been dismantled and replaced by the Safe Ad Container working group.

SafeFrame is a managed API-enabled iframe that opens a line of communication between the publisher page and the iframe-contained ad creative. While an iframe restricts any activity between the ad and the page, the communication protocol available with SafeFrame enables rich interaction without risking page security. 


With adoption of SafeFrame, publishers, advertisers, and their vendors stand to gain from the following benefits:

Publisher Page Security

The isolation between publisher code and ad code enables publishers to maintain control of the page layout and limit interference from ads while still allowing rich interaction and select data collection. Using the SafeFrame API, publishers also have the ability to decide what website information (if any) should be exposed to which advertisers and vendors.

Consumer Privacy

Preventing access to the publisher’s page also protects consumer data. While SafeFrame shares information with ad served to its API-enabled iframe, the publisher chooses what to share and can protect sensitive consumer data. SafeFrame helps publishers ensure that consumer privacy preferences are honored.


With the implementation of SafeFrame, publishers can allow rich interaction from ads served to an iframe while maintaining page security. Not only does SafeFrame save hours of troubleshooting a broken page caused by ad scripts, the certification process for ad placement is reduced because ads served into the SafeFrame don’t don’t add the kind of risk that comes with direct access. Enabling rich media inventory within SafeFrame improves revenue potential while keeping operational costs under control.

Download SafeFrame 1.0 (PDF)

Update on SafeFrame 2.0

The SafeFrame Implementation Working Group had worked on and released for public comment SafeFrame 2.0. However, as part of the public comment period, enough feedback came back for features we could not fully support on the current SafeFrame framework.

One of the key principles for the version 2.0 update was to enable the cross-platform use of SafeFrame with MRAID Implementations. MRAID, or Mobile Rich Media Ad Interface Definition, is an API-enabled container for managing ad interactions in-app, which is the mobile counterpart to SafeFrame. With feedback on SafeFrame 2.0 and plans to update MRAID on the horizon, the group saw an opportunity to start over. Rather than complete a stop-gap release for SafeFrame, they shifted gears to instead create one standard that would enable the execution of ads in both web and mobile…and anywhere else a container could be used to safely execute rich ad interactions.

The new technology is currently in progress, tentatively named Safe HTML Ad Richmedia Container, or SHARC. The goal for SHARC is to eventually replace SafeFrame and MRAID with a simpler, more modern solution where ad developers can write one rich media ad and serve it anywhere.


We’re always looking for new participants. Reach out to Katie Stroud to get involved. The more we work together, the better the solution will be.

Developed by the SafeFrame Implementation Working Group

IAB Tech Lab Contact

Katie Stroud
Senior Product Manager