Clear search
Close search
Google apps
Main menu

Render creatives using SafeFrame

SafeFrame is an API-enabled iframe that provides a single, unified mechanism for communication between advertiser and publisher content. SafeFrame technology in DFP enables transparent and rich interactions between page content and ads, while preventing external access to sensitive data and providing more granular control over which creatives are rendered using the SafeFrame container with GPT.

IAB standards require publishers to update their websites in order to render ads inside SafeFrame containers. However, SafeFrame is supported in DFP and enabled by default when using GPT tags.

GPT SafeFrame (6:29)

For detailed information, including the full SafeFrame specification, see the IAB documentation.

Configure creatives to use SafeFrame in GPT

In DFP, you can explicitly control if a creative is rendered using a SafeFrame for four types of creatives: custom, third-party, system-defined templates, and user-defined templates. Select the Serve into a SafeFrame checkbox when creating a new creative or template for these creative types.

Custom and third-party creative types

For these creative types, Serve into a SafeFrame is turned ON by default. Uncheck the box to prevent a creative of this type from being served into a SafeFrame. Learn how to traffic third-party creatives and custom creatives.

User and system-defined creative templates

For these creative templates, Serve into a SafeFrame is turned OFF by default. 

However, creating a user-defined template from an existing system-defined template turns this option ON. You must uncheck the box if you do not want creatives rendered inside a SafeFrame container. Learn more about creative templates.

Use the GPT API

You can also use the GPT API to force any particular ad slot or all slots on a page to render using a SafeFrame container. Learn about the setForceSafeFrame parameter

Technical details

The GPT SafeFrame integration consists of three parts:

  1. The SafeFrame iframe container itself, created by GPT upon display.
  2. Code inserted within the creative, providing the (external) SafeFrame API to the creative and communicating to the host page using postMessage.
  3. Code running outside the SafeFrame iframe as part of GPT which is the other end of the postMessage communication channel. This is the code which performs all of the expansion and geometric measurement for viewability.

DFP supports creatives that use a Safeframe API to interact with websites, such as expanding an ad slot (either as a pushdown or an overlay) when a user clicks on an ad. However, you must modify your GPT tag to enable expansion of ad slots and allow pushdown/overlay interaction by calling setSafeFrameConfig in the GPT API.

GPT does not externalize host API implementation as the rendering of the SafeFrame is handled by GPT. You can continue using the current GPT API to set up your ads, without any changes to the tag set up.

GPT implements the SafeFrame external party API to allow creatives to interact with the website.

Supported SafeFrame API methods

  • $sf.ext.register
  • $sf.ext.supports
  • $sf.ext.geom
  • $sf.ext.expand (supports expansion in both push and overlay modes)
  • $sf.ext.status
  • $sf.ext.inViewPercentage

Not supported or partially supported API methods

  • $sf.ext.cookie is not supported as we do not allow creatives to access publisher cookies.
  • $sf.ext.meta is not supported for publisher defined objects and limited to following system defined objects:
    • {String} sf_ver
      The string representation of the current version of SafeFrame.
    • {Number} ck_on
      Identified whether cookies are enabled on the browser: 1 for true, 0 for false.

You can view examples of SafeFrame-enabled creative implementations or verify your own Google Publisher Tag (GPT) SafeFrame implementations using the SafeFrame creative preview tool.

Learn more about rich media and viewability with SafeFrame

Rich media

SafeFrame increases publisher control by limiting interaction between ads and publisher content to those that can be achieved through methods available in the API. The technology standardizes rich media formats, so that creatives using the API can run on any network that supports SafeFrame.


The SafeFrame provided API can be used to calculate viewability. While SafeFrame 1.0 does not directly report viewability metrics, the API allows for access to creative information that can be used by the advertiser to determine whether or not the SafeFrame container is "in view."

Available via the API are the geometric dimensions and location of the SafeFrame container and its content, in relation to the browser or application window, and the screen boundaries. Duration information can be derived by registering a listener to determine how long the ad is viewable.

Active View, which is a Google provided solution for viewable impressions is not part of the SafeFrame viewability specification. This will continue to function without any change. Learn more

Use the Google Publisher Console

You can use the Google Publisher Console to see if a slot is using SafeFrame.

Was this article helpful?
How can we improve it?