Apply Restrictions to Embedded Content
Defines whether to apply the Allowed Domains and/or Restricted Domains settings to content that is embedded into an allowed page, but hosted at another location. This type of embedding is generally done through an iframe or object tag.
When turned on, any embedded content is checked against the lists before it is displayed. If the URL where the content is hosted is not allowed, the embedded content will not be shown. The rest of the page will load as expected.
For example, if you had a site with externally-hosted ad banners, enabling this setting would allow you to display the site without these banners. In this case, the banners would not show, no alert would be shown, and the rest of the page would load normally.
Note: If embedded content is blocked, the Blocked Request Alert will not be shown regardless of the Show Blocked Request Alert setting.
When you disable this setting, only content that opens directly in the browser window will be checked against the Allowed & Restricted Domain lists. Content that is embedded into an allowed page will not be screened and will load regardless of whether the source url would otherwise be allowed.
An example where you might want to disable this setting would be a site with embedded video content hosted on YouTube. Disabling this setting would allow these embedded videos to be shown normally without allowing navigation to the main YouTube site or the need to add each embedded video's URL to the Allowed Domain list.
Values for Remote Settings Control & Managed App Configuration
- Added in version 5.0