Skip to Content
Product Information
Author's profile photo Arne Manthey

Embed Landing Pages in your First Party Company Page with iFrames


The landing pages in SAP Marketing Cloud can be easily published (see documentation). However, sometimes you just want to embed a simple form onto your main web page (For example, a newsletter subscription). One solution would be to embed a published landing page with an iFrame in another page, but until recently SAP Marketing Cloud prevented this due to security regulations.

With 2105 we have introduced an allow-list (see Configure Content Repositories) for domains which are considered safe for iFrame embedding. In the following chapter I show you how it works.

Setup and Example

My example scenario is a very simple newsletter subscription form which just shows an email address field and a submit button. This form has to be embedded in the side panel of my WordPress page.

Form definition

To start with, I have set up a form with the email address field and a hidden subscription field with the ‘Pre-Selected’ option active:

Landing Page

To be able to publish the form easily I use a landing page with a very simple layout which is also restricted in width to fit in my WordPress side panel.

WordPress Side Panel Configuration

After publication of the landing page I entered the landing page link in a custom HTML widget container (see below on the left). Since I did not yet add my domain to the iFrame allowlist my form does not yet show up in the preview of the web page (see also the error message in the JavaScript console at the bottom of the screenshot)

iFrame Allowlist

Below you see the new feature which is included in the app ‘Content Repository Configuration‘ which also lets you define a custom domain for your landing page publication. I added the domain of my main web page here.

Note that it is possible to specify multiple different domains here.

Final Result

Below you see the final view of my web page with the form visible in the right side panel.

Note on Online Test Environments

If you have the idea to test this in one of the numerous online HTML test environments (JSFiddle, CodePen,…) you might need to check for any hidden domains that those tools use. Here is what I found for the two mentioned ones:

No guarantee on these though – those pages might change their setup in the future.


Now you should be able to embed your landing pages and forms on other web pages on multiple domains.

Please also check this related blog post: Quick Tip: Pass Outbound ID to Form in iFrame

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Tobias Schneider
      Tobias Schneider

      Pretty cool new feature we've been waiting for! Seems so simple yet can be so valuable 🙂

      Thanks for posting Arne

      Author's profile photo Arne Manthey
      Arne Manthey
      Blog Post Author

      Thanks a lot for the nice comment 🙂

      Author's profile photo Joyca Vervinckt
      Joyca Vervinckt

      Hi Arne,

      Thank you for the nice blog, I can't wait to try it once it's live 🙂

      You seem like the perfect person to ask, could you take a look at this question I posted yesterday?

      It's about whether these iframed landing pages have "contact" with the website that they are embedded in, related to identification of anonymous website visitors.

      Because through Google Analytics we can track anonymous website behavior, and if a visitor subsequently fills in such an embedded landing page, I'd like to use that to identify his past website visits.




      Author's profile photo Nils Walter
      Nils Walter

      Hi Arne,

      we're currently trying to establish the embedding of SMC LP data in SAP Commerce webshop.

      Whenever we try to reach the LP the browser console shows the following error message:

      "XMLHttpRequest at >LP-URL< from origin >Shop-URL< has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

      I tried to add the shop URL to trusted domains in SAP IAS connected to the SMC tenant we use (without https, otherwise it won't be recognized as a valid domain) but without success in resolving the error. Of course the URL (with and without https) is also maintained in SMC IFrame allowance list as described in your blog.

      Could you point me towards solving this problem?


      Author's profile photo Arne Manthey
      Arne Manthey
      Blog Post Author

      Hi Nils,

      maybe there is also a different domain involved in the entire communication? It might be worth to check the network traffic in the browser development tools.

      If that does not help I suggest to create a ticket.

      Best regards,

      Author's profile photo Maaike Van Landschoot
      Maaike Van Landschoot

      Hi Arne (@arne.manthey),

      I have a question related to the security guarantees that SAP Marketing Cloud offers for their landing pages. What security does SAP offer to the landing pages to prevent attacks, for example against someone who wants to compromise the landing page (URL).

      Thank you in advance!

      Best regards,