Embed an existing About page
It’s possible to embed an existing About page from your organization’s website directly into Aviary. This allows organizations to display About pages from their websites rather than manually adding information to the About Your Organization profile section in Aviary. The webpage will then be displayed to users in an embedded iframe when viewing the organization’s About page on the Aviary platform.
Follow these steps to embed an external webpage into your Aviary organization’s About page:
<style>
#target {
width: 100%;
height: 1000px;
overflow-y: auto;
overflow-x: auto;
resize: both;
position: relative;
z-index: 2;
}
iframe {
width: 100%;
height: 100%;
border: none;
}
</style>
<div id="target"><iframe src="https://www.YOUR ORGANIZATION'S URL.com"></iframe></div>
Note: Embedding an external webpage into Aviary may require configuring additional settings on your organization’s web server. See below for more information about troubleshooting and configuring your web server to allow iframe embeds.
Iframe embed requirements
If you want to embed your website inside our platform using an iframe, you must configure your server to allow iframe embedding.
Modern web browsers enforce security policies that may block pages from being displayed inside an iframe. If your web server is not configured correctly, users may see a blank page or an error similar to:
To protect your security, Firefox will not allow this page to be displayed if another site has embedded it.
Why this happens
This error is caused by security headers sent from your web server. Modern web browsers block iframe embedding when certain HTTP security headers are present, such as:
These security headers are designed to prevent clickjacking attacks, but they must also be configured properly to allow iframe embedding on trusted platforms.
Configuration requirements
1. X-Frame-Options Header
This header controls whether your page can be embedded.
❌ Blocking configurations
The following values will prevent iframe embedding:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
✅ Required action
Either:
OR
2. Content Security Policy (CSP)
Modern web browsers use the frame-ancestors directive in Content Security Policies to control iframe embedding.
You must allow the Aviary organization’s URL in your CSP header.
Example:
If multiple domains need access:
Note: Replace https://subdomain.aviaryplatform.com with the Aviary organization’s subdomain where the webpage will be embedded.
3. Check for Meta tags blocking embedding
Ensure your webpage’s HTML code does NOT include any restrictive meta tags like: <meta http-equiv="X-Frame-Options" content="deny">
4. HTTPS
Because the Aviary Platform uses the secure hypertext transfer protocol (HTTPS), your website must also use HTTPS. Web browsers will block any insecure (HTTP) webpages that are embedded inside iframes on a secure (HTTPS) website.
Browser testing
After configuring your web server and embedding the webpage in your organization’s Aviary Profile settings, try viewing your organization’s Aviary About page using different browsers.
Aviary currently supports Chrome, Firefox, Safari, and Edge. Firefox tends to enforce stricter iframe policies. If the page loads correctly in Aviary without displaying errors in these browsers, the embedded website’s server is configured correctly.
Troubleshooting
If embedding a webpage in your Aviary organization’s About section still fails:
