In current Internet-based ad-serving environments, a publisher webpage showing display advertisements are vulnerable to security threats from advertisement code that runs within the same publisher domain. Some of the common threats include compromising user cookies or data, compromised access to publisher content and a wide range of attacks possible through cross-site scripting. The only practical approach that exists within the current browser standards to prevent xss (cross site scripting) or other cross site scripting or sandboxing against user data and other security vulnerabilities is to host the display advertisement in a separate web document (e.g. in an inline frame, iFrame, iframe, or IFRAME) based out of a different domain, taking advantage of the “same origin policy” enforced by browser standards which restrict scripting access across domains. This model works well for regular display advertisements however poses problems when hosting expandable advertisements, expandable advertisements can expand from their initial dimensions dynamically based on time and/or user interactions. The expansion resizing poses problems when an expandable advertisement is hosted within an iframe. When the expansion resizing takes place, the advertisement is clipped by the bounding iframe—breaking the ad experience. Thus, currently, publisher pages end up hosting expandable advertisements within the same domain as the publisher in order to overcome the resizing restrictions imposed by iframe based ad-serving. Thus there is need to solve this industry wide problem of securing expandable display advertisements, and improvements are needed for the purpose of safely supporting expandable rich media display advertisements within iFrames.