SafeFrame 2.0: Safer, Simpler and More Advanced

The number of browsers and the technology that runs them has been advancing rapidly over the last few years. Ad tech has also seen a lot of advancement in technology, creativity, and services. All of this growth comes with added risk.

For years, SafeFrame has offered rich ad interactions in Web pages and apps, but has remained stagnant while the technology it supports has seen a lot of improvements. Some of the guiding principles for developing the first iteration of SafeFrame have become obsolete. 

Why We Need a New SafeFrame 

Measurement, for example, was a black box for ads contained within an iframe. SafeFrame was vital to enabling measurement in iframes at the time of the initial release. However, as IAB Tech Lab develops Open Measurement for Web, SafeFrame no longer needs to offer this feature and can instead focus on the ability to offer a rich ad experience.

Speaking of Web and rich ad interactions, SafeFrame’s initial focus was on Web interactions. But the Web has become largely mobile and creative authors crave a simple full screen expansion. Before SafeFrame, there was MRAID (Mobile Rich media Ad Interaction Definition). The broad adoption of MRAID and the struggle for SafeFrame demonstrates the need for a more universal approach to supporting all HTML display ads, whether in Web or in a mobile Web app.

Beyond measurement and context, advances in automated processes for placing ads have left SafeFrame on the sidelines. Header bidding has been introduced and widely adopted since the first release (and subsequent minor release) of SafeFrame. A lack of communication about the use of SafeFrames in the systems that operate header bidding, made supporting SafeFrame ads difficult.

Perhaps it’s no surprise that the next iteration of SafeFrame—more than 6 years later—requires a major overhaul.

SafeFrame 2.0 has been released to public comment. As the co-chairs of the SafeFrame Working Group for IAB Tech Lab, we’re excited to invite feedback on the updates. 

Why We’re Excited About the Update

Some of the principles and features we’re most excited about are:

Security: Above all, security was and still is the first priority for SafeFrame. Page security for the publisher also prevents access to user data and promotes user privacy. Subsequently, standardized page security also equates to placing ads at scale, which helps streamline operations and reduce costs.

Simplified Implementation: The prescriptive host implementation has been dropped, which enables publishers to innovate in this space. Guidance for host support of the SafeFrame API is being developed during public comment of the core spec.

MRAID Alignment: While MRAID is still for mobile and SafeFrame is still for Web, alignment on the two simplifies ad conversion from mobile to Web and Web to mobile. The alignment also enables a unified API for all HTML ads regardless of the platform.

Creative Simplicity: SafeFrame 2.0 aligns to modern ad formats and simplifies ad expansion. Previously, expansion meant setting new coordinates for the expanded ad dimensions, and setting new coordinates meant knowing the dimensions of the browser window to set a fullscreen expansion. Now, calling expand() simply expands the ad to the max size allowed.

Events: An event listener has been added to SafeFrame 2.0 to replace an outdated “register” process used in the first release of SafeFrame. Event listeners are more familiar to developers and simplifies API implementation and support.

Enhanced with Browser Features: Incorporating existing technology simplifies the SafeFrame API and enhances its capabilities. Browser features such as sandboxing, feature policy (permission policy), and intersection observer removes functionality from SafeFrame that is already commonly available in most browsers. This simplifies support for SafeFrame 2.0 and allows for a more lightweight implementation.

What We Need From You

SafeFrame 2.0 is in public comment for 60 days. We’ve doubled the time usually allotted for collecting feedback because of the 6-year lag from the last update. Take time to review the spec, play around with the possibilities, and let us know what you think. Offer your proposals for improvement and let us know where you have concerns.

In addition, the SafeFrame Working Group needs passionate participants to help us develop the guidance and support for smooth implementation. While the latest update is a large step up from the last update, wide adoption is needed to achieve all the benefits that SafeFrame 2.0 brings to the table.

Email support@dev.iabtechlab.com to provide your feedback or email Katie Stroud, the IAB Tech Lab lead for SafeFrame to get involved.


ABOUT THE AUTHORS

Marian Rusnak
Software Engineer
Verizon Media

Lucas Silva
Software Engineer
Google