Ohidur
All articles
2 min read

Embedding a Google Apps Script Web App on Your Website

Google Apps Script web apps have long, opaque URLs. Learn how to embed your script app in your own website using an iframe with the ALLOWALL X-Frame-Options mode.

When you deploy a Google Apps Script web app, the public URL looks like this:

https://script.google.com/macros/s/AKfycbxxxxxxxxxxxxxxx/exec

This URL is hard to share and can't be served under your own domain. However, you can embed the web app on a page at your own domain using an <iframe> — visitors interact with it at your URL while the script still runs on Google's servers.

Enabling iframe Embedding

By default, Google Apps Script sets strict X-Frame-Options headers that prevent cross-origin embedding. To allow your app to be embedded, add setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL) to your doGet function:

function doGet(e) {
  return HtmlService
    .createTemplateFromFile('index')
    .evaluate()
    .setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
}

Without this, the browser will refuse to load the script in an iframe with a Refused to frame error.

Embedding with an iframe

Once your script is deployed with ALLOWALL, embed it on any page:

<iframe
  src="https://script.google.com/macros/s/YOUR_SCRIPT_ID/exec"
  width="100%"
  height="600"
  frameborder="0"
  style="border: none;">
</iframe>

Replace YOUR_SCRIPT_ID with your actual deployment ID. The iframe inherits your page's domain in the browser's address bar, so visitors see your URL — the script URL never appears.

Deploying the Web App

  1. In the Apps Script editor, click Deploy → New deployment
  2. Select Web app as the type
  3. Set Execute as: Me (or User accessing the web app)
  4. Set Who has access: Anyone (or restrict as needed)
  5. Click Deploy and copy the web app URL

After updating your script, create a new deployment version to see changes — editing the code doesn't automatically update an existing deployment.

Limitations

  • Not a true custom domain. The script still runs on Google's servers at a script.google.com URL. If Google's servers are blocked (e.g., by corporate firewalls or in certain countries), the iframe will fail to load.
  • Mobile responsiveness. iframes don't resize dynamically. Use JavaScript's postMessage API from inside the script to send height information to the parent page if you need auto-sizing.
  • HTTPS required. If your page is served over HTTPS, the embedded iframe src must also be HTTPS — which it is for script.google.com.

Passing Parameters to the Script

You can pass URL parameters into the script by including them in the iframe src:

<iframe src="https://script.google.com/macros/s/YOUR_ID/exec?user=alice&mode=view"></iframe>

Inside the script, read them from the event object:

function doGet(e) {
  const user = e.parameter.user;
  const mode = e.parameter.mode;
  // use these values to customize the response
}

Conclusion

Embedding a Google Apps Script app in an iframe is a straightforward way to surface your script's UI on your own website. It's not a true custom domain — the script still lives at a script.google.com URL — but it gives visitors a seamless experience at your domain without any server infrastructure.