SharePoint site collection administrators control whether users can embed content from external websites using the embed web part. If they don't let contributors embed content, users who try to do so will see an error message that says, “Embedding content from this website isn't allowed.”
Site level settings
Site collection admins can turn off embedding content, allow embedding content from a specific list of sites, or allow embedding from any site by changing the HTML Field Security setting in Site settings. Here's how:
-
Browse to the root site of your site collection.
-
Select Settings, then select Site settings. If you don't see Site settings, select Site information and then select View all site settings.
-
On the Site Settings page, under Site Collection Administration, select HTML Field Security.
-
Select one of the following options:
-
Don't allow contributors to insert iframes from external domains to disallow the use of iFrames for all sites in the site collection.
-
Allow contributors to insert iframes from any domain to allow the use of iFrames for all sites in the site collection and to allow data from any external website to be displayed in the iFrame. For security reasons, we don't recommend this option.
Note: When custom scripting is turned off for your site, this option applies only to the Embed web part. All other HTML fields will only allow embedding from the specified list of external domains described below. For more information on scripting, see Allow or prevent custom script.
-
Allow contributors to insert iframes only from the following domains to add a web domain to a list of domains whose content can be displayed in iframes in the site collection. To remove a website from the list, select it, and then select Remove.
-
-
Select OK.
SharePoint comes with a default list of websites from which content can be displayed. You can add or remove sites in this list.