⭐️ Keep in mind, this article is for informational purposes only. Socio doesn't make any recommendation for configuring any other website's security.
Most of the places where you can paste a link into the Socio Platform are accompanied by the Open in external browser checkbox. If you uncheck this box, Socio will try to open the website inside your event as if it were a Socio feature instead of a new browser tab.
If you tried to open a website in Socio and got the sad face, the website couldn't be embedded. If you own the website or have a direct relationship with the website's owner, there's a good chance you can get someone to make it embeddable for you!
⭐️ Keep in mind, these principles can apply to any website, and Socio's ability to embed a website is entirely subject to the configurations of the website.
Reasons a website won't embed
The website isn't secured (https)
If a website URL doesn't have "https" at the beginning, it may not be secured. However, some sites will only show "http", but they may still be secured. You can easily tell if an "http" site is actually secured! In browsers such as Safari, look for the lock icon in the URL bar as another indicator that the website is secured.
If the website is secured, then the problem is likely the x-frame-options response or CSP headers. Keep reading to learn about these.
The website has the x-frame-options response header
Even if a website is secured, some websites are specifically configured not to allow embedding as a security measure. You can use this website to check if the x-frame-options response header is present in the website.
Simply paste in the URL for the website you want to embed, and click Test Header. If the result is "Couldn't find the X-Frame-Options header...", that means this isn't the reason the website isn't embedding.
The website uses a CSP policy that prevents embedding
The Content-Security-Policy directive shares some similarities with the X-Frame-Options header, and may be used to fulfill some of the same functions. You can use this website to check if there are CSP headers in the website.
Simply paste in the URL for the website you want to embed, and click CHECK CSP. If the result is "No CSP headers found", that means this isn't the reason the website isn't embedding.
Can I make the website embeddable?
If you don't have a relationship with the website owner...
If you don't own the website and you don't have a direct relationship with the owner, then you're unlikely to get them to update what's needed to make the website embeddable. Most large websites like Facebook and Instagram won't change their policies around embedding, but you can reach out to their support team to find out if there's some alternative. Odds are, you'll have to open the website externally.
If it's your website, or you know the website owner...
If you're trying to embed a sponsor's website, there's a good chance you can work something out with them. Ask your contact with the sponsor to reach out to the person in charge of their website, and have them check their SSL certificate, x-frame-options header, and CSP headers.
If it's your website, have the admin for your website check on these things.
This article and the following links may be helpful to send to a website admin:
⭐️ Keep in mind, the x-frame-options header's purpose is to protect a website from certain types of attacks, so website admins may not agree to remove it entirely. If the website uses CSP, there's a good chance Socio can be allow listed using the frame-src directive linked above.
What are my alternatives?
If you're trying to highlight a Sponsor, Exhibitor, Speaker, or some other featured content, consider hosting and embedding a video or a PDF. These are great ways to offer attendees rich and compelling content.
Questions? Chat Us or Email [email protected]