Fenced Frames

Fenced Frames are known as one of Google’s Privacy Sandbox features and refer to an HTML element, used for embedding [ad] content into publishers’ digital properties with restricted communication between the embedded content and the embedding environment.

The Story Behind

Simply put, a fenced frame is an HTML element, which puts a boundary between the embedded [advertising] creative and the publishers’ (embedding) website/app, e.g. by preventing their communication using a postMessage method.

Initially introduced back in 2020 as a part of Google’s Privacy Sandbox initiative, fenced frames are designed to work in tandem with Protected Audience API and other Privacy Sandbox solutions and primarily aimed at preventing the data exchange between parties in the digital advertising ecosystem (i.e. between a publisher, an adtech provider and/or a DSP/advertiser), hence limiting cross-site tracking of End Users.

According to Google, the company plans to fully enforce the shift [from iframes] to fenced frames closer to/after 2026, sometime upon the industry transition to the new realities upon the complete third-party cookie phase-out in Chrome in 2024.

How Fenced Frames Work

As mentioned herein, fenced frames are designed to enable rendering of advertising content in the somewhat isolated environment, where the publisher’s digital properties don’t have access the Document Object Model (DOM) of the embedded content and vice versa, hence preventing data tracking across websites in such a way. 

As opposed to iframes, a <fencedframe> element uses the config attribute, and when the TURTLEDOVE API is invoked to run the PAAPI ad auction, the FencedFrameConfig object will be returned, which will then be used to render an actual fenced frame with the ad. 

This object includes a number of fields, aimed at specifying the ad behavior, including the ad URL and the width/height attributes, as seen within the particular fenced frame.

The trick is, however, as designed, the browser will redact the FencedFrameConfig object prior to sending it to the publisher’s domain, replacing the potentially sensitive fields like the ad URL, with the opaque string. 

This means that a publisher will be able to determine if the ad URL is defined in the FencedFrameConfig object, for example, but won’t be able to see what the actual ad URL is. Accordingly, when the fenced frame is being requested to load, it will be up to the web-browser to handle the access to the actual unredacted information about the ad in order to ensure its display.

Perspectives of Adoption

Even though Google began the massive testing of fenced frames back in 2022, as of Q1 2024 there isn’t a consensus in the online advertising industry regarding the perspectives of their market-wide adoption yet.

Namely, some of the major challenges related to fenced frames implementation are the significant limitations of their ad reporting capabilities, as well as the peculiar restrictions of the publishers’ control over the proper ad creatives performance on their digital properties, which poses an especially serious problem in the video advertising context. 

More importantly, the implementation of fenced frames implies a series of technical complexities for all parties involved, which adds even more pressure to the task. 

In view of this, chances are that many digital businesses will be reluctant to adopt fenced frames in the next 12 – 20 months, awaiting the release of the more precise implementation guidelines, or the launch of another, more flexible alternative to these sometime soon.

Back to Glossary