Updates

See what’s new at Iframely.

It is time we say goodbye and deprecate our two legacy dependencies:

  • We’re phasing out HTTP. New terms suggest you to connect via encrypted channels. From now on, please use HTTPS for all requests - it's faster, safer, and part of being compliant, if you ever need it yourself. HTTP is deprecated, and we will start forwarding to HTTPS next year.
  • The other thing is our main CDN. For performance, security, and added flexibility, we are deprecating our current API subdomain "cdn.iframe.ly". We will migrate to the dedicated CDN domain “iframely.net” and plan to flip the system settings by the end of this year. If you have any code dependencies on cdn.iframe.ly - please allow for iframely.net or reach out to us so we make sure the CDN does not change for you.

Note: This CDN change only affects hosted iframes. All API endpoints, such as /api/iframely and /api/oembed, remain on iframe.ly and are not affected by this update.

Introducing Publisher Console (Beta) Introducing Publisher Console (Beta)

We’ve started rolling out a beta version of Publisher Console inside Iframely - a new space designed to give publishers more visibility and control over how their content appears across the web.

This early release brings together domain-level insights and publisher tools that will evolve over time. While the feature set is still taking shape, Publisher Console is intended to become the home for managing and improving your site or app presence.

Interested in trying it out? Log in to your Iframely account and switch to Publish mode from the top-right corner of your dashboard.

Your early feedback helps shape what’s next - thank you for helping us build it.

Iframely is now SOC 2 Type II compliant Iframely is now SOC 2 Type II compliant

We are pleased to announce that Itteco Software Corp., the company behind Iframely, has completed its inaugural SOC 2 Type II audit. We are now SOC 2 compliant, as tested and attested by Prescient.

Achieving SOC 2 Type II compliance is a significant milestone for us, as it demonstrates our commitment to maintaining the highest standards of security, privacy, and reliability for our customers.

If your security team needs a copy of our SOC 2 report for vendor assessment or procurement, please request it via our new Trust Center. If you have specific security questions, see our Security page or get in touch directly.

Consents withdrawal page for your end users now needs to be embedded as a form on your site Consents withdrawal page for your end users now needs to be embedded as a form on your site

Iframely allows you to request privacy consents from end users before displaying third-party rich media to them. Consents are kept in the user's browser, in local storage of Iframely or your own CDN domain. To withdraw the media consents, users need to remove records from that domain storage.

For this purpose, Iframely hosts a dedicated settings page where users can manage their preferences. However, the latest changes in Chrome browser require that settings page to be embedded as a form on your own domain instead.

Starting with Chrome 115, local storage for iframes is partitioned per hosting domain. The storage of iframes embedded on Site A is separate from the storage on Site B, and both of them are different from the storage on the Iframely CDN page directly, without an iframe context.

If you previously exposed the consents settings to your end users, here's what you need to change to keep it working:

1. Add a dedicated page in your app to host the settings form. You can link to that page in your own documentation and can also add it as a link to media widgets.

2. Embed the Iframely settings page as a form on your page.

This change ensures that the consent management form is available on the same domain as your embeds, giving users proper access to their consent management options.

For complete setup instructions, embed code examples, and parameter reference, please refer to our User Consents Documentation.

Instagram Profile embeds are enabled for everyone Instagram Profile embeds are enabled for everyone

Instagram Profile embeds are now enabled for everyone.

Until now, these embeds required a feature flag for your account with us. Because Instagram only supported them in the U.S., they were disabled on Iframely by default. Instagram has since expanded availability, so they now work more broadly.

If the full user profiles are alright for you, you don't need to do anything - profile embeds will start working automatically. If you'd rather not include them, you can turn this option off in your Iframely settings. This can also be done on per-URL basis, including using our cherry-picking mechanism for end-users.

Instagram profile embeds are only available for public accounts that have the "embedding" option enabled (see documentation). If embedding is disabled for a profile, Iframely will instead generate a summary card - just like before, when profile embeds were turned off by default.

We've made some light reviews to our Terms of Use and Privacy Policy. Nothing is really changing in how we do things - new versions just add a bit more detail about our responsibilities as we work towards SOC 2 structure, a formal security certification that will be helpful for many of our customers.

The Privacy Policy takes effect right away, and the updated Terms will become effective on November 11. You can find the links to the previous document versions at the bottom of the document. When you log in, the system will ask you to review and confirm both - just to keep everything transparent and up to date.

A couple more important things to note: please take a read of our deprecation of HTTP and our legacy CDN host.

Thanks for staying with us and trusting us with your business. Looking forward to what is coming! 🚀

Facebook & Instagram oEmbed thumbnail deprecation Facebook & Instagram oEmbed thumbnail deprecation

Facebook and Instagram have announced changes to their API endpoints that affect how media will be returned.

Starting November 3, 2025, the oEmbed responses for Facebook posts, Facebook videos, and Instagram posts will no longer include author information or thumbnail data. The fields author_name, author_url, thumbnail_url, thumbnail_width, and thumbnail_height are being deprecated and removed.

Meta recommends generating thumbnails directly from the HTML metadata of the original post, and Iframely will try to provide those images to you.

However, this data will be subject to availability and rate-limits from Facebook and Instagram, and we cannot predict the outcome at this point. Unfortunately, Instagram’s meta thumbnail images are cropped, and perhaps they and Facebook will restrict image sizes even more in the future.

5 new providers, and more options for X and Imgur 5 new providers, and more options for X and Imgur

We’ve expanded Iframely’s provider ecosystem and added more ways to customize embeds, giving you finer control and wider compatibility.

New providers added

You can now embed content from Steller, HubSpot payments, Donorbox, and Weezevent.

If there’s a provider you’d like us to support next, we’d love to hear from you - just send your request.

New customization options

For X / Twitter, you can choose to disable timelines if you prefer a stricter layout. It appears that X timelines do not work for people in many geographical regions. If your users are affected, please disable timelines and get our summary card instead.

There is also a new Hide title option for Imgur. Add it to remove the user captions from the images for tighter visual consistency in your embeds.

Introducing new developer dashboard Introducing new developer dashboard

We’ve reviewed and completely redesigned the Iframely Dashboard - faster, cleaner, and built to make managing your embeds more straightforward. While most things should remain familiar, here are some of the changes that you will see.

Better structure for provider settings

We’ve moved all provider settings into their own space. You can now find, enable, or fine-tune integrations in one place. We have many more options to add to that space. If you need a specific provider configuration, please let us know.

Smarter usage insights

Analytics got a full overhaul with richer data views and more ways to understand your usage. You can now track hits and calls in real time, filter and sort results to spot patterns faster, and explore how your traffic evolves over time in one clear, interactive view.

URL history is gone

The developer dashboard no longer provides any history about individual URLs that your app is sending to us. Individual URLs can only be seen in the realtime monitor now. We decode URL hashes in realtime, just for your browser, and only while you are watching.

Simplified billing management

Billing has also got a better structure. You can now see the list of invoices, update your card details or delegate billing to a colleague in a dedicated space. We also have a dedicated billing information form and full address entry so we can better coordinate that with Iframely tax responsibilities.

Your account, your way

We have a better place for your regional preferences, your interface theme: light, dark, or system. You may also link to your Gravatar picture. There is also a dedicated page to the account activity log.