Do externally-hosted forms in <iframe> tags pass any data through the internal server that is using the iframe?
For more context if my question isn't clear:
Assume I'm a healthcare provider using Jotform for lead-gen forms. Assume I'm on their HIPAA-compliant plan complete with a BAA signed. And I've created a form that can be embedded or used in an iframe. Assume I'm using Wordpress for my website and my Wordpress server is not HIPAA-compliant because it doesn't need to be—no PII of any kind passes through the servers whatsoever other than the standard IP addresses in logs.
If I use an iframe on my non-HIPAA-compliant Wordpress site to show a Jotform-hosted HIPAA-compliant form, is there any way the data input into the form would pass through the Wordpress server?
I've tried only using links directly to jotform in a new window, but have not tried "embedding" using an iframe.
The iframe will run completely independently of your WordPress server, WordPress will never be able to see any of the data entered into the form.