<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=128060241156018&amp;ev=PageView&amp;noscript=1">
Skip to content
  • There are no suggestions because the search field is empty.

Stay22 Map FAQ

Will putting an <iframe> in our checkout or confirmation page cause a security risk?

Iframes are completely safe and harmless wherever you decide to embed your Stay22 maps. Iframes are sandboxed and have restricted access due to the Same-origin policy. Browsers automatically block iframes and scripts from accessing the parent window object or parent DOM in a third-party context (when the iframe/script domain does not match the parent domain). Read more on MDN.

 

Is the Stay22 map safe in terms of XSS and other vulnerabilities?

We continually test our product from exploits and continually work with bounty hunters to patch holes up. Since we have don’t any user info leaking on Stay22.com domain, any exploit is rather meaningless. That said, we also worked with a security firm and have a clean report if you are interested in reading it. Simply ping us and we’ll dispatch a copy of the report to you.

 

Will putting an <iframe> ruin our SEO or bleed backlink juice?

Websites around the world feature iframes of Google Maps and Youtube videos to name a few services. Search engine crawlers know how to deal and index properly. Since it’s not direct linking from an  <a href=""> and instead it’s from an <iframe>, you will not be giving out backlink juice.

 

Won’t putting down an <iframe> slow down our page?

Yes and no. No matter what you decide to add to your page, users will end up loading it. The good news is that we worked extra hard to make sure Stay22’s maps don’t load until it’s in the viewport of the user and they can actually see it (aka lazy loading). This reduces the file size required down to 82 Kb, in other words.. you’re just adding a small “jpeg/picture”, so no noticeable difference. You are also free to test us in Google’s PageSpeed insights.

 

What are your cookie policies?

As it stands currently, we only have one cookie originating from Stay22.com. It is a session ID related to an UUID for performance reporting. For e.g: so we get to know when a click, or a booking happens and to which end-user it belongs to. We have 2 other cookies to track users originating from Google Analytics and Mixpanel. Most browsers today refresh (clear and re-assign) those cookies on loading of the iframe, if the iframe is in third party context.

 

I noticed a JS console error, should we be worried?

We pride ourselves for not having any console errors coming from our iframe. However, should you notice one, please do report it to us so we fix it asap. We understand during development time it could be a pain to have mixed messages polluting your console.