Common issues working with website proofs

Mike Salyga
Mike Salyga
  • Updated

If you're having issues while reviewing live website proofs, use these troubleshooting tips.

 

Website is hosted on HTTP instead of HTTPS

Website contains restricted iframes

Website includes scripts that reference the parent frame

Website uses reCaptcha (Google)

 

Website is hosted on HTTP instead of HTTPS

The Ziflow Proof Viewer is hosted over HTTPS (secure). If your website is not secure (HTTP), it has to load through Ziflow’s proxy to avoid browser restrictions on “mixed content.”

However, if your site includes direct links to other non-secure resources, the browser may block them and cause the site to break or not load fully.

How to fix it

Option 1: Host your website over HTTPS
This is the most reliable fix.

Option 2: Use relative links instead of absolute URLs
Update your site’s links to relative paths instead of full URLs (e.g., use /image.png instead of http://example.com/image.png).

Option 3: Let Ziflow rewrite the URLs
You can do this by either editing your original website or you can let Ziflow try to rewrite the URL when loading the website.
To enable this:

  1. Go to Settings > Proofing Settings > Proof Viewer > Live websites and Rich Media.
  2. Enable Live websites: URL rewriting

Option 4: Disable proxying or adding an Allow or Block list (advanced)
In some cases, our proxy may not work with certain sites. Try turning off the proxy feature (Dynamic) or adding an allow list of URLs. For more information, see Configure how Ziflow loads live websites.

Website contains restricted iframes

Due to our security policy, Ziflow blocks live website or Rich Media proofs if they include iframes using any of these attributes:

  • allow-modals
  • allow-orientation-lock
  • allow-pointer-lock
  • allow-popups
  • allow-popups-to-escape-sandbox
  • allow-presentation
  • allow-same-origin
  • allow-top-navigation
  • allow-top-navigation-by-user-activation

How to fix it

You’ll need to remove these attributes from any iframes in your content before uploading the proof.

 

Website includes scripts that reference the parent frame

If a live proof displays correctly on your website but fails to render properly inside the Proof Viewer, this may be caused by how the client’s website code interacts with the iframe environment used by the Proof Viewer.

  • The proof does not load or render as expected in the Proof Viewer.
     
  • When checking the browser’s Developer Tools console, you may see an error such as:
    Uncaught SecurityError: Blocked a frame with origin "https://example.io" from accessing a cross-origin frame.
  • The page works normally when accessed directly outside the Proof Viewer.
     

The Proof Viewer displays your website inside an iframe. Many websites include scripts that reference the parent frame (for example, by calling parent.document or window.parent).

  • If the iframe and parent are on the same domain, this code works as expected.
     
  • If the iframe and parent are on different domains (for example, ziflow.io displaying example.io), browsers block this cross-domain access due to the same-origin policy.
     

When blocked, the script may throw an error (SecurityError, DOMException) or silently fail, which can prevent your site from working properly inside the Proof Viewer.

 

How to fix it

Note: If you are not the developer of the website, please share this with the person responsible for maintaining the site so they can make the necessary adjustments.

To ensure your website works inside the Proof Viewer:

  1. Avoid direct parent references
    Remove code that directly calls parent.document, window.parent, top, or similar cross-frame objects.
     
  2. Wrap code in error handling
    If parent references are unavoidable, wrap them in a try { } catch { } block to prevent crashes.

    Example:
try {

  var parentUrl = window.parent.location.href;

  console.log("Parent URL:", parentUrl);

} catch (e) {

  console.warn("Unable to access parent frame:", e);

}
  1. Test in an iframe
    Test your site inside an iframe hosted on a different domain before publishing. This will reveal potential cross-origin issues.

 

 

Website uses reCaptcha (Google)

Pages protected with Google reCaptcha v3 may not load correctly in the Proof Viewer unless you add Ziflow as an allowed domain.

How to fix it:

  1. Go to https://www.google.com/recaptcha/admin

  2. Open the Settings of your v3 API Account

  3. In the Domains option, add proof-proxy.ziflow.net domain.

 

 

Supporting material:

 

 

Related articles

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.