Historically, publishers have used one of two commonly accepted delivery methods for placing ads on their pages: in-page (inline) script tags that embed ads directly within with page content or traditional iframes that isolate ad content from page content. The in-page script method allows for rich ad interaction, but also exposes publishers to risks such as data leakage, nefarious attacks, and the potential for broken pages when the page code and the ad code conflict. The iframe delivery method was developed to protect publishers from these potential pitfalls by limiting an ad’s access to the page, but in doing so, iframes also restrict advanced ad functionality such as rich media expansion and dynamic interactions with the page content.
SafeFrame was developed to address the security concerns of using script tags, while still allowing ads to execute rich media interactions. SafeFrame is an API-enabled managed iframe that provides publishers with similar protection assurances of traditional iframes while enabling expanding and interactive ad functions as well as ad effectiveness data collection, such as consumer interaction and viewability.
In-Page Script: During page load and operation, the page cannot distinguish between its own content and the ad. This lack of distinction disables publishers from measuring whether the ad is in view and publishers must rely on vendor data reported at predetermined intervals instead of being able to collect real-time data on their own.
Traditional iframe: Viewability is more easily detected in a traditional iframe, but limitations include: lack of standard methods for detecting viewability, lack of real-time data collection, and lack of technical solutions on the buy-side. Some companies have developed solutions to address real-time data collection and technology for measuring viewability with varying degrees of success, but all such solutions are proprietary and don’t adhere to any common technical methods.
SafeFrame: SafeFrames encases ad content in a cross-domain iframe while enabling real-time data collection for both parties using an API. The SafeFrame API enables the publisher to provide geometric data that enables viewability measurements while maintaining the ad’s ability to perform rich display functions, such as expansion.
In-Page Script: The publisher cannot measure performance of an embedded script ad for the same reason the publisher can’t measure viewability: the ad is indistinguishable from page content. The publisher can only measure performance of all elements on the page rather than identifying how page load performance compares to ad load performance.
Traditional iframe: Isolating ad load performance for ads delivered in an iframe is easier to do, but the Industry lacks a common technical standard to do so.
SafeFrame: SafeFrame offers a common technical standard for isolating ad-load performance and, because the SafeFrame API offers features for executing expanding, interactive rich media, SafeFrame becomes a viable option for isolating rich ad content from page content for improved performance measurement.
Restricted rich media is ad media that is restricted to the confines of its surrounding border, or frame. In other words, the ad cannot expand. Branding rich media, on the other hand, can expand and may include interactive features that require certain access to page data for proper execution and data collection.
In-Page Script: While expanding, interactive rich media is the most common reason for implementing an ad inline with page content, one limiting factor is that this kind of branding rich media is nearly impossible to include in programmatic ad exchanges.
Traditional iframe: Any expanding media cannot function in a standard iframe, nor can any page data be accessed for the purposes of real-time interactions or data collection.
SafeFrame: Branding rich media can be rendered and executed in SafeFrame’s API-enabled iframe because it opens a line of communication between the page and ad that enables most interactive and expanding features of complex rich media. Also, because of the standard technical format that can be used cross-platform, the more complex branding rich media can be included in programmatic ad exchanges.
Programmatic Rich Media
In-Page Script: Because of how complex rich media is embedded inline with publisher page content, trading scripted rich media programmatically can’t be done in any kind of cost effective way.
Traditional iframe: While simple rich media restricted to specific width and height dimensions can be traded programmatically, trading complex rich media programmatically is prohibitive in an iframe.
SafeFrame: Since SafeFrame offers a managed API that enables execution of complex rich media and metadata sharing, including rich media in programmatic exchanges is now possible.
In-Page Script: Once an ad is embedded into a page, unloading and re-loading new ads during page operation poses a complex technical challenge to publishers. Buy-side vendors can more easily rotate ads using the script tags they provide to publishers for implementation, but the publisher usually has no transparency into what ads are being displayed.
Traditional iframe: More easily done in a traditional iframe, ad rotation is still limited to ads that are restricted to the boundaries of the iframe with only limited data collection beyond a standard impression.
SafeFrame: Using SafeFrames publishers can increase inventory potential with ad rotation capabilities. Expanding rich media can be allowed within ad rotation depending on what the publisher supports. And the SafeFrame API enables communication that allows for metadata exchange and controlled data collection.
SafeFrame is the only industry-wide solution that creates a common technical standard for sharing metadata between the publisher page and ad content. Other solutions exist but are proprietary to the organizations that have developed them. In the interest of producing a low-level building block to solve many of the limitations with traditional iframes, SafeFrame version 1.0 was released with only the most needed features for operation and metadata is left open to use as best suited to the Industry. However, plans for future releases will consider defining specific metadata sharing guidelines to help simplify how metadata is used in operations.
Publisher Page Protection
In-Page Script: While in-page script ads allow for rich banner display and access to whatever page data is needed, it also exposes the publisher to risks such as data leakage and broken pages. Because the publisher is unaware of what the in-page script ad is doing on the page, the publisher cannot prevent actions that may damage page operation or access to sensitive data.
Traditional Iframe: Traditional iframes protect the publisher because any ad or other content contained in the iframe cannot interfere with page operation or collect any data. However, iframe placements reduce the value that publishers can offer to the buy side.
SafeFrame: Equipped with an API to enable communication with a cross-domain iframe, SafeFrame offers control and transparency to the publisher while offering value to the buy side.
In-Page Script: Because in-page script ads can access data without publisher knowledge, the publisher has limited options for protecting consumer privacy.
Traditional Iframe: While ads within traditional iframes prevent access to consumer data, value for iframe placements are reduced because of iframe limitations. Also, consumer choice is more difficult to honor when the buy side and vendors are blind to consumer privacy expectations.
SafeFrame: SafeFrame enables metadata sharing that allows for communication regarding the privacy choices consumers make. This transparency into consumer privacy choices enables publishers, vendors, and advertisers to honor consumer privacy.