Allow or disallow iframes for a site collection

You can use iframes—HTML containers that you place on SharePoint webpages—to display information from other websites. For example, you can use an iFrame to display content from a Microsoft OneDrive account or to display a training video stored on YouTube. As a site collection administrator, you can enable or restrict the use of iFrames for all sites within a site collection.

Important:  Since iframes can be exploited by unscrupulous websites to compromise the security of your SharePoint site, it is a good idea to restrict the locations from which site designers can display data in an iframe.

To allow or disallow iFrames for a site collection:

  1. Browse to the root site of your site collection.

  2. Click Settings SharePoint Online Public Website Settings button > Site Settings > Site Collection Administration > HTML Field Security.

  3. Select one of the following options:

    • Do not permit contributors to insert iframes from external domains into pages on this site to disallow the use of iFrames for all sites in the site collection.

    • Permit contributors to insert iframes from any external domain into pages on this site to allow the use of iFrames for all sites in the site collection and to allow data from any external website to be displayed in the iFrame. For security reasons, we do not recommend this option.

    • Permit contributors to insert iframes from the following list of external domains into pages on this site to add a web domain to a list of domains whose content can be displayed in iframes in the site collection. To remove a website from the list, select it, and then click Remove.

      Allow iFrames from this domain

  4. Click OK.

Top of Page

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×