When you tap a game card on sslhat.com, the page you were reading does not go away. A layer appears on top, and inside that layer sits an iframe — essentially a window cutout that shows another site’s content while you stay on our domain in the background.
That split is useful for focus and for memory: closing the popup clears the embedded page instead of leaving it running in a forgotten tab.
Who serves the pixels
The game files, audio, and logic usually come from a specialist host. Your browser requests their servers directly from inside the iframe. We choose wrappers that load over HTTPS and keep the experience inside the overlay, but we do not run their data centers.
What sslhat.com still controls
We control the text around the games, the cookie banner on our pages, and how the modal opens and closes. We can also swap titles or artwork if we need to refresh the lineup.
We do not see your keystrokes inside the third-party game unless a form on our own page asks you for information — and the contact form never touches gameplay data.
Blockers and breakage
Strict privacy extensions sometimes block iframes from certain domains. If a card opens to a blank panel, try allowing the game host for this site or switch browsers temporarily. The issue is usually a blocked cross-origin request, not a broken button.
See it in action
Open a card, watch the bar load, then close with Escape or the Close control.
Open games