Embedding tools for webmasters

Use lightweight pages under /embed/ to place the same client-side utilities on your site. Link visitors to the full tool page for localized UI, FAQ, and privacy notes.

Updated: 2026-05-03
Embed pages are static HTML from salamyx.com. Your page loads our origin inside an iframe; follow your own cookie and analytics policies for third-party contexts.

What this is

Official iframe targets under https://salamyx.com/embed/... load the same browser-side tools with minimal chrome. The main site keeps SAMEORIGIN framing; only /embed/ is meant for third-party sites.

Allowed embed URLs

Use only these iframe src values for production embeds. Each full tool page remains the canonical document for SEO and assistants.

Full tool page and matching iframe src
Full tool (canonical)	iframe src (embed)	Per-tool guide
UUID / GUID Generator	`https://salamyx.com/embed/developers/uuid/`	Open
JSON Formatter And Validator	`https://salamyx.com/embed/developers/json-formatter/`	Open
Word Counter	`https://salamyx.com/embed/text/word-counter/`	Open

Minimal iframe markup

Start with a small height (for example 96–120px) and grow the iframe from postMessage resize events. Give the frame a descriptive title for screen readers.

<iframe
  id="salamyx-embed-frame"
  src="https://salamyx.com/embed/developers/uuid/"
  title="UUID / GUID Generator (salamyx.com embed)"
  style="width:100%;min-height:120px;height:120px;border:0;border-radius:12px;background:#0b1223;"
  loading="lazy"
  referrerpolicy="strict-origin-when-cross-origin"
></iframe>

Auto height with postMessage

Embedded documents post resize hints to the parent browsing context. In production, validate both event.origin === "https://salamyx.com" and the message shape before resizing.

const ALLOWED_ORIGIN = 'https://salamyx.com';

window.addEventListener('message', (event) => {
  if (event.origin !== ALLOWED_ORIGIN) return;
  const data = event.data;
  if (!data || data.source !== 'salamyx-embed' || data.type !== 'resize') return;
  const iframe = document.getElementById('salamyx-embed-frame');
  if (!(iframe instanceof HTMLIFrameElement)) return;
  iframe.style.height = `${Math.max(320, Number(data.height) || 0)}px`;
});

Hosting note (Apache)

Production .htaccess in this repo sets Content-Security-Policy frame-ancestors * only for paths starting with /embed/. Other hosts should mirror that behavior.

Indexing, canonical, and safety (for SEO and LLMs)

Indexing: Embed HTML uses noindex,follow. Search engines should rank the full tool URL, not the iframe document.
Canonical URL: Every /embed/ page declares link rel=canonical to its matching full tool page to consolidate signals.
postMessage contract: Parent listeners should require data.source === "salamyx-embed" and data.type === "resize", then read data.height (pixels). Prefer checking event.origin against https://salamyx.com before mutating layout.
Framing policy: Do not iframe regular tool URLs; they are not guaranteed to allow cross-origin framing. Only /embed/ paths are intended for webmasters.

For catalog metadata and automation, pair this with Tools API v1.

Privacy And Limitations

Embed pages are static HTML from salamyx.com. Your page loads our origin inside an iframe; follow your own cookie and analytics policies for third-party contexts.

Only a curated subset of tools has an embed route; URLs outside /embed/ are not guaranteed to allow framing.
Iframe height does not resize automatically unless you handle postMessage events from the embed.
Embedded UI is English-only in the first release; full pages support multiple languages.

FAQ

Which URL should I put in the iframe src?

Use the documented https://salamyx.com/embed/... URLs. Do not iframe the regular tool URL; it is intentionally not framed on third-party sites.

How do I auto-resize the iframe height?

Listen for window message events where data.source === "salamyx-embed" and data.type === "resize", then set the iframe height from data.height.

Will more tools become embeddable?

Yes, when UX and security review are done per tool. This documentation page and the EMBEDDABLE_TOOL_ROUTES list in the repository stay the source of truth for the allowlist.

Does embedding change where input is processed?

No. These tools still run in the visitor browser inside the iframe. The embed route only changes chrome and framing headers.

Can I remove attribution?

Keep the iframe pointed at salamyx.com so users see the real origin. Do not misrepresent the tool as your own software.