squarespace development + strategy + UX + design & build + marketing

+44 (0)7908 262225

I'm a freelance user experience consultant who delivers projects large and small for a client base that includes multinationals, SMEs, and sole traders.   
I specialise in formulating new media strategy, defining information architecture, user experience design, interaction design, prototyping, user research & testing, website and application building, and online marketing. 

Squarespace IFRAME not working? This is probably why..

When an IFRAME embedded in a code block does not work on a Squarespace website the problem is usually that the embed IFRAME code is unsecure ( the IFRAME url begins with http:// ) and the page that contains the IFRAME code is secure (url begins with https://). 

What’s the difference between https: and http:?

How to tell if your IFRAME code is secure or unsecure

How to tell if your IFRAME code is secure or unsecure

  • Urls that begin with http are not securely encypted. Any data they pass back to their server is in plain text format. This means that they could potentially run malicious scripts or be exploited by hackers.
  • Urls beginning with https are securely encrypted. This means that their contents, and any data they pass back to their server (such as form submissions) cannot be easily read if they are intercepted by hackers. 

So why don’t http: IFRAMEs load on https: Squarespace sites?

Firstly, this isn’t a bug in Squarespace; it’s a security feature that is built into web browsers. 

If a person visits a secure https page they expect all the content on that page to be secure. An embedded http: page would not be secure and so the holding page’s security could be bypassed. 

For this reason web standards dictate that any content embedded into a  securely encrypted page must also be secure. 

How can I get my http: iframe code to work?

Here are two possible fixes is your Squarespace IFRAME is not working :

  • You could disable SSL security and run your Squarespace website on an http connection. The iframe won’t be visible when logged in to admin ( because it’s https) but will be ok on the customer facing URL (because customer facing URL and iframe URL are both http).
  • Find out if there is a secure (https) version of the IFRAME embed url and use that. Both the main site and embedded IFRAME page will be https and the embed will  work.

Of these two solutions the second is preferable as it does not involve reducing site security for the sake of a single embedded section.