Get started with Google Publisher Tag

Use unique SafeFrame domains

On October 26, 2020, the "Default" for SafeFrame security will be set to randomized subdomains. This now applies to all line items, including reservation. To protect against a known security vulnerability, we recommend you test and enable unique SafeFrame domains.

When you choose the "Random" or "Fixed" setting, your selection is respected immediately after saving.

Improve the security for your ads served for your reservation traffic with the latest update to SafeFrame in Google Publisher Tag (GPT) by enabling randomized domains. 

This does not apply to backfill display ads, which always use randomized subdomains.

If you use Prebid.js, please update to version 3.22.0 or later, which is compatible with randomized SafeFrame domains.

Test your current SafeFrame performance

Before enabling randomized domains across your network, test your existing ad units using SafeFrame. External and third-party buyers may rely on the current SafeFrame domain implementation where creatives load from the same, fixed domain.

Use the GPT API

Test randomized SafeFrame domain gradually. For more granular control, we recommend enabling randomized SafeFrame domains using SafeFrameConfig on an individual ad unit. For example:

googletag.pubads().setForceSafeFrame(true).setSafeFrameConfig(
   {useUniqueDomain: true}
);

Verify that creatives from third-party buyers are serving correctly in that ad unit. Then repeat across specific pages on your website. Once you have verified that ad units across your website are behaving as expected, you can enable randomized domains across your network.

If creatives from third-party buyers are serving incorrectly, and you have already verified that your ad code is not the cause, contact your account manager.

Enable randomized domains

Once you've verified that ad units across your website will behave correctly, enable randomized domains across your network.

  1. Sign in to Google Ad Manager.
  2. Click Admin and then Global settings and then Network settings.
  3. Select a SafeFrame security setting.
    • Default - as of October 26, 2020, creatives load from randomized subdomains. Previously, the default was the Fixed domain setting.
    • (Recommended) Random - creatives load from randomized subdomains. Strongest available security guarantee
    • Fixed - creatives load from the same, fixed domain. This does not provide as strong of a security guarantee.
  4. Click Save.

We strongly recommend that you set SafeFrame security to Random. With this option, SafeFrame uses randomized subdomains to further isolate SafeFrame content and provide stronger security guarantees.

Was this helpful?
How can we improve it?