Embeddable Content Policy
However, this can introduce risk to:
Site security. If you are unsure whether your 3rd party source should be trusted, you can request an ISO Consultation.
Site stability. 3rd party services can choose to change what is injected onto your site, go offline, or introduce other features that might cause the page on your site to fail to load or to appear in unexpected ways.
Accessibility and usability. Many 3rd party platforms have not been evaluated for accessibility and may not meet Stanford’s minimum standards. If you are unsure about the accessibility of the service, please contact SODA.
Performance of a site. Loading assets and scripts from external sources can increase page load time.
Maintainability. Inclusion of 3rd party code can increase the support burden on your site.
This policy covers any component or feature that can be made available through a content management system that allows for:
Raw HTML (i.e. allows for HTML that does not get stripped or sanitized by the CMS or during a build process.)
Addition of iFrame content from a 3rd party or external Stanford source
Deployment of a Google Tag Manager container
Sites maintained by Stanford Web Services typically provide support for a number of common 3rd party scripts and embeddable content from trusted sources, for example, YouTube, Vimeo and Google Analytics. This policy does not include these common use cases.
For Stanford Sites, trusted sources and the process for requesting special embeddable media in your media library can be found here: Adding Embeddable Media.
Requirements for receiving access
The person being granted access must be a site manager, or a site editor approved by a site manager or site owner
To receive access, please contact the project manager for your custom site or support contract, or file a ServiceNow ticket.
Important Note: Stanford does not support single sign-on (SSO) through an iFrame. This is a University-wide policy meant to limit cross-site scripting and cross-site request forgery vulnerabilities. To give website users a path to content that is protected by Stanford SSO, the best practice is to link directly to the secured page.