How to Embed Your Website or Web Contact Form into a Martech3D App

You can embed a website, landing page, or web-based contact form directly inside your Martech3D app - for example, within an iframe, a hotspot, or a panel inside your interactive 3D experience.

To make this work smoothly, your website must allow cross-origin permissions, ensuring browsers don’t block the embedded content for security reasons.

What needs to be configured

To successfully display an embedded website or form inside your Martech3D app, the source site (the one being embedded) must allow framing and cross-origin access.

Here’s what to check or update on your web server:

  1. Enable embedding with Content Security Policy (CSP)

    Add this header to your site’s configuration:

    Content-Security-Policy: frame-ancestors https://platform.martech3d.com  

    This tells browsers your content can appear inside a Martech3D-hosted app iframe.

  2. (Optional legacy setting) — if your setup still uses older security headers, include:

    X-Frame-Options: ALLOW-FROM https://platform.martech3d.com  

    Note: This header is now deprecated, so CSP is the preferred and most reliable option.

  3. Allow cross-origin requests (CORS)

    If your form makes API calls (e.g., to submit user data or fetch content), your backend must include:

Access-Control-Allow-Origin: https://platform.martech3d.com  Access-Control-Allow-Methods: GET, POST, OPTIONS  Access-Control-Allow-Headers: Content-Type, Authorization

  1. Use HTTPS on both domains

    Both your website and your Martech3D app must use HTTPS.

    Browsers block mixed (HTTP/HTTPS) content for security reasons.

Example iframe setup inside Martech3D

Once your headers are correctly configured, Martech3D can embed your webpage using an iframe like this:

<iframe  src="https://your-website.com/contact-form"  width="100%"  height="600"  style="border:0;"  allowfullscreen ></iframe>

If the configuration is correct, your website or form will appear seamlessly inside your Martech3D app.

If you see an error like:

Refused to display 'https://your-website.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'  

then your headers still need adjusting.

Why this matters

  • Ensures your website or contact form can be securely embedded inside Martech3D apps
  • Prevents browser blocks and “refused to display” errors
  • Keeps user data secure with HTTPS and domain restrictions
  • Allows you to integrate forms, microsites, or lead capture pages directly into your 3D experience

Is it secure?

Yes - when configured properly, embedding in Martech3D is completely safe.

Each embed setup should:

  • Allow only trusted domains in frame-ancestors   (for example, https://platform.martech3d.com  )
  • Use HTTPS for encryption
  • Keep APIs protected through CORS with specific origins (never use *  )

Example Nginx configuration

If you manage your own hosting, you can add headers like this:

add_header Content-Security-Policy "frame-ancestors https://platform.martech3d.com"; add_header Access-Control-Allow-Origin "https://platform.martech3d.com"; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; add_header Access-Control-Allow-Headers "Content-Type, Authorization";

Summary

Requirement Purpose Example Header
Content-Security-Policy Allow embedding inside Martech3D apps frame-ancestors https://platform.martech3d.com  
Access-Control-Allow-Origin Enable API access https://platform.martech3d.com  
HTTPS Secure content loading
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.