Cross-origin pages and iframes
The Screeb tag runs inside an invisible iframe that it adds to your page. In almost every setup this is completely transparent and every Screeb feature works normally โ you don't need to do anything special.
This page only matters in one specific situation: when the page Screeb is
loaded on is split across different origins using iframes. An origin is
the combination of protocol, domain and port (for example
https://app.example.com and https://checkout.example.com:8443 are different
origins). When your content lives in an iframe whose origin differs from where
Screeb is loaded, browsers block any access between the two frames.
This is a built-in browser security rule (the same-origin policy), not a Screeb limitation. No script โ Screeb's or anyone else's โ can read the content of a frame from another origin. Screeb degrades gracefully instead of breaking, but the affected features below cannot work across that boundary.
What still works across originsโ
- Showing and answering surveys and messages
- Triggering by time on page, tracked events, and page URL
- Identity, user properties, groups, and event tracking
- AI copilots
What is limited or unavailable across originsโ
These features need to read the host page (its DOM, scroll position, address or title), which the browser forbids across origins:
| Feature | Across origins |
|---|---|
| Trigger on scroll percentage | โ Unavailable |
| Trigger on scroll to an element | โ Unavailable |
| Trigger on presence/visibility of a CSS element | โ Unavailable |
| Trigger on click on a CSS element | โ Unavailable |
| Exit / leave intent trigger | โ Unavailable |
| Session recording | โ Not recorded |
| Captured page URL and title in events | โ Empty |
| Survey editor live preview on your site | โ Unavailable |
| Exact screen size of the host page | โ ๏ธ Best-effort (uses the device screen) |
How to make everything workโ
Cross-origin limitations can only be solved on your side, by removing the boundary between Screeb and the content it needs to see:
- Install the Screeb tag on the page that actually contains the content you want to target, rather than on a parent page that embeds it in an iframe from another origin.
- If your app is composed of nested iframes, make sure the frame running Screeb and the content you target share the same origin.
If you are unsure whether your setup is affected, open your browser developer
console on the page and run $screeb('debug'); โ and reach out to our support
if you need a hand.