PDFShot

Embedding

Drop a public PDF inline on any site with a one-line iframe — no scripts, no CORS dance.

Embed a PDF

Once a capture is public (see Sharing), the dashboard surfaces an Embed button that copies a ready-to-paste snippet:

<iframe
  src="https://deepsyte.com/embed/<token>"
  width="100%"
  height="600"
  frameborder="0"
  allowfullscreen
></iframe>

The embed route lives at https://deepsyte.com/embed/<token> and serves a chrome-less viewer:

  • PDFs render in a full-bleed <iframe> (browser's native PDF viewer).
  • Images render full-bleed <img> with object-contain.
  • A small "Made with PDFShot" footer with UTM-tagged link back.
  • No headers, navbars, ads, or DeepSyte branding outside the footer.

Where it works

The embed route sets:

Content-Security-Policy: frame-ancestors *

That tells the browser to allow embedding from any origin. Per the CSP spec this overrides any default X-Frame-Options: SAMEORIGIN, so you can drop the iframe on:

  • Notion
  • Webflow
  • WordPress
  • Custom SaaS dashboards
  • HTML emails (most clients block iframes, but some allow them)
  • Static .html files

Killing an embed

Embed tokens are the same tokens as Sharing. Revoking the share (DELETE /api/screenshots/:id/share) kills the embed everywhere — the iframe will show a 404 until you mint a new token.

Sizing tips

  • The default height="600" works for most A4-portrait PDFs at typical screen widths. Increase to 800-1000 for longer documents.
  • Add style="border: 1px solid #e5e5ea; border-radius: 12px;" to match the PDFShot dashboard aesthetic.
  • For mobile-friendly responsive embeds, wrap in an aspect-ratio container (e.g. Tailwind's aspect-[210/297]).

Sharing

Per-PDF public links, how to mint and revoke them, and what someone with the link can see.

Watermark

Free-plan PDFs include a small "Made with PDFShot" footer. Paid plans render clean.

On this page

Embed a PDFWhere it worksKilling an embedSizing tips