linkembed
llms.txtllms-full.txt

Troubleshooting

Sandbox / iframe limitations

linkembed shows embedded content inside a secure “sandbox”. That keeps your visitors safe but also means some things that work on a normal webpage may not work inside the embed. This page explains what to expect.

Why we use a sandbox

When you embed content from another site (e.g. Google Drive, Dropbox), it runs inside a confined area (an iframe with sandbox rules). That prevents the embedded page from doing things that could harm the visitor or your page—like running unexpected scripts or redirecting in unwanted ways. Sandboxing is a standard way to make embeds safer.

What might behave differently

  • Pop-ups and new windows — Some embedded sites want to open new tabs or windows. The sandbox allows “pop-ups” in a controlled way, but strict browser or device settings can still block them. If something expects to open in a new window and doesn’t, the visitor may need to use a direct link to the source in a new tab.
  • Downloads — Download links inside the embed can work, but again browser or device policies can restrict them. If a download doesn’t start, the visitor can try opening the link in a new tab or using the source site directly.
  • Login or forms — Pages that require login or complex forms may work inside the embed, but some sites detect that they’re in an iframe and show a “open in new tab” message. That’s a choice the source site makes, not something we can change.

Blank or “refused to display”

If the embedded site sends headers that say “don’t allow framing” (X-Frame-Options or Content-Security-Policy frame-ancestors), the browser will refuse to show it in our embed. In that case you’ll see a blank area or a browser message. That’s the source platform blocking embedding. Use a redirect link to send visitors to the content instead, and see Limitations & platforms for which services we know don’t allow embedding.

What you can do

Prefer the platform’s official embed option or embed code when they offer one. If a platform blocks embedding entirely, create a redirect link so visitors still get a clean, branded URL that takes them to the content. For behavior that depends on the embedded site (e.g. login, downloads), we can’t change how that site behaves inside the sandbox; sharing the direct link with your audience is the fallback.