ClearPoint is built to provide a secure, stable environment for reporting. While iFrames may appear to offer a convenient way to display external content inside ClearPoint, they introduce significant security vulnerabilities and often lead to inconsistent or broken display behavior. For this reason, iFrames are discouraged across the platform.
⚠️ Security Risks Associated With iFrames
Cross-Site Scripting (XSS)
iFrames can act as a delivery mechanism for malicious scripts. If the external content is compromised—or if an attacker injects malicious code into the embedded resource—it could expose ClearPoint users to unauthorized actions, credential theft, or data access.
Clickjacking
Attackers can use an iFrame to hide or overlay malicious buttons under legitimate ClearPoint content. Users may think they are clicking something safe while unknowingly performing harmful actions.
Insecure Content
Embedding content from non-secure sources (HTTP instead of HTTPS) compromises ClearPoint’s secure environment. Modern browsers increasingly block insecure content entirely, causing the iFrame to fail or display unpredictably.
🌐 Compatibility Issues With iFrames
Browser Differences
Browsers handle iFrames differently. Updates can change rendering behavior, breaking content that previously worked. This often results in inconsistent display across browsers or device types.
Security Standards
A growing number of websites apply strict security policies, such as Content Security Policy (CSP) or X-Frame-Options, that block their content from being embedded. This means many trusted sites cannot be displayed inside an iFrame at all.
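How a browser reaches that decision, as an added example (not ClearPoint code): the function below predicts from a page's response headers whether it will render in a frame, and also covers the HTTP-inside-HTTPS case from the Insecure Content paragraph. The URLs are constructed, and it assumes one level of framing, lower-cased header names, and host sources without paths.

```javascript
// Added example: predict whether `targetUrl` will render in a frame on `parentUrl`.
// Assumptions: one level of framing, lower-cased header names, no paths in sources.
function sourceMatches(source, parent, target) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parent.origin === target.origin;
  if (s === "*") return true; // any http(s) ancestor
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return parent.protocol === s; // scheme source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/.exec(s);
  if (!m) return false; // a source we cannot parse never matches
  const [, scheme, wildcard, host, port] = m;
  const schemeOk = scheme
    ? parent.protocol === scheme + ":"
    : parent.protocol === target.protocol || parent.protocol === "https:";
  const hostOk = wildcard ? parent.hostname.endsWith("." + host) : parent.hostname === host;
  const defaultPort = parent.protocol === "https:" ? "443" : "80";
  const portOk = port === "*" || (port ? port === (parent.port || defaultPort) : parent.port === "");
  return schemeOk && hostOk && portOk;
}

function framingVerdict(parentUrl, targetUrl, headers) {
  const parent = new URL(parentUrl);
  const target = new URL(targetUrl);
  // An HTTP frame inside an HTTPS page is blocked as mixed content.
  if (parent.protocol === "https:" && target.protocol === "http:") return "blocked: mixed content";
  // Several policies may arrive comma-joined; each one that sets frame-ancestors must allow the parent.
  const ancestorLists = (headers["content-security-policy"] || "")
    .split(",")
    .map((policy) => policy.split(";").map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === "frame-ancestors"))
    .filter(Boolean);
  if (ancestorLists.length > 0) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    const ok = ancestorLists.every(([, ...sources]) =>
      sources.some((s) => sourceMatches(s, parent, target)));
    return ok ? "allowed" : "blocked: CSP frame-ancestors";
  }

  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked: X-Frame-Options";
  if (xfo === "SAMEORIGIN" && parent.origin !== target.origin) return "blocked: X-Frame-Options";
  return "allowed"; // no framing restriction sent
}

// Constructed sample: a report page embedding an external dashboard.
const PARENT = "https://app.example.com/report";
const TARGET = "https://dash.example.org/embed";
console.log(framingVerdict(PARENT, TARGET, { "x-frame-options": "SAMEORIGIN" }));
console.log(framingVerdict(PARENT, TARGET, { "content-security-policy": "frame-ancestors https://*.example.com" }));
```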
Content Restrictions
Websites may intentionally prevent embedding to avoid security risks. When this happens, the iFrame will simply show an error or a blank space.
Third-Party Changes
Even if an iFrame works today, it may break tomorrow. Updates to the third-party site—layout changes, URL updates, security enhancements—can instantly invalidate your embed.
🛡️ ClearPoint Platform Considerations
Platform Updates
ClearPoint continuously improves platform security and performance. These updates may change how iFrames behave or restrict their use. Because iFrames conflict with modern security standards, they may become increasingly unsupported.
Potential Deprecation
As industry best practices evolve, many platforms are phasing out iFrames entirely. ClearPoint may further limit iFrame functionality to align with these standards and maintain a secure environment.
✅ Recommended Alternatives
Instead of embedding content with iFrames, consider:
Direct Data Integrations
Securely import external data into ClearPoint using supported integrations.
External Links
Provide a hyperlink to external systems or documents rather than embedding them.
Secure Widgets
Some third-party applications provide compliant embed codes designed to meet modern security standards. Ensure all embedded content uses HTTPS and adheres to strong CSP guidelines.
📘 Conclusion
Although iFrames may appear convenient, their security risks and compatibility issues make them unsuitable for embedding content within ClearPoint. ClearPoint prioritizes safety, data protection, and long-term stability, and using alternatives to iFrames helps ensure a secure and reliable reporting experience.
If you have questions or want help evaluating secure embedding options, our support team is here to help.
