<iframe>: The Inline Frame element
The <iframe>
HTML element represents a nested browsing context, embedding another HTML page into the current one.
Each embedded browsing context has its own session history and document. The browsing context that embeds the others is called the *parent browsing context*. The *topmost* browsing context — the one with no parent — is usually the browser window, represented by the Window
object.
Warning: Because each browsing context is a complete document environment, every <iframe>
in a page requires increased memory and other computing resources. While theoretically you can use as many <iframe>
s as you like, check for performance problems.
Content categories | Flow content, phrasing content, embedded content, interactive content, palpable content. |
---|---|
Permitted content | None. |
Tag omission | None, both the starting and ending tag are mandatory. |
Permitted parents | Any element that accepts embedded content. |
Implicit ARIA role | No corresponding role |
Permitted ARIA roles |
application , document ,
img , none ,
presentation
|
DOM interface | HTMLIFrameElement |
Attributes
This element includes the global attributes.
allow
-
Specifies a feature policy for the
<iframe>
. The policy defines what features are available to the<iframe>
based on the origin of the request (e.g. access to the microphone, camera, battery, web-share API, etc.).For more information and examples see: Using Feature Policy > The iframe allow attribute.
allowfullscreen
-
Set to
true
if the<iframe>
can activate fullscreen mode by calling therequestFullscreen()
method.Note: This attribute is considered a legacy attribute and redefined as
allow="fullscreen"
. allowpaymentrequest
-
Set to
true
if a cross-origin<iframe>
should be allowed to invoke the Payment Request API.Note: This attribute is considered a legacy attribute and redefined as
allow="payment"
. csp
-
A Content Security Policy enforced for the embedded resource. See
HTMLIFrameElement.csp
for details. fetchpriority
-
Provides a hint of the relative priority to use when fetching the iframe document. Allowed values:
high
-
Signals a high-priority fetch relative to other iframe documents.
low
-
Signals a low-priority fetch relative to other iframe documents.
auto
-
Default: Signals automatic determination of fetch priority relative to other iframe documents.
height
-
The height of the frame in CSS pixels. Default is
150
. loading
-
Indicates how the browser should load the iframe:
eager
: Load the iframe immediately, regardless if it is outside the visible viewport (this is the default value).lazy
: Defer loading of the iframe until it reaches a calculated distance from the viewport, as defined by the browser.
name
-
A targetable name for the embedded browsing context. This can be used in the
target
attribute of the<a>
,<form>
, or<base>
elements; theformtarget
attribute of the<input>
or<button>
elements; or thewindowName
parameter in thewindow.open()
method. referrerpolicy
-
Indicates which referrer to send when fetching the frame's resource:
no-referrer
: TheReferer
header will not be sent.no-referrer-when-downgrade
: TheReferer
header will not be sent to origins without TLS (HTTPS).origin
: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.origin-when-cross-origin
: The referrer sent to other origins will be limited to the scheme, the host, and the port. Navigations on the same origin will still include the path.same-origin
: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.strict-origin
: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).strict-origin-when-cross-origin
(default): Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).unsafe-url
: The referrer will include the origin and the path (but not the fragment, password, or username). This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.
sandbox
-
Applies extra restrictions to the content in the frame. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions:
allow-downloads-without-user-activation
: Allows for downloads to occur without a gesture from the user.allow-downloads
: Allows for downloads to occur with a gesture from the user.allow-forms
: Allows the resource to submit forms. If this keyword is not used, form submission is blocked.allow-modals
: Lets the resource open modal windows.allow-orientation-lock
: Lets the resource lock the screen orientation.allow-pointer-lock
: Lets the resource use the Pointer Lock API.allow-popups
: Allows popups (such aswindow.open()
,target="_blank"
, orshowModalDialog()
). If this keyword is not used, the popup will silently fail to open.allow-popups-to-escape-sandbox
: Lets the sandboxed document open new windows without those windows inheriting the sandboxing. For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.allow-presentation
: Lets the resource start a presentation session.allow-same-origin
: If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy (potentially preventing access to data storage/cookies and some JavaScript APIs).allow-scripts
: Lets the resource run scripts (but not create popup windows).allow-storage-access-by-user-activation
: Lets the resource request access to the parent's storage capabilities with the Storage Access API.allow-top-navigation
: Lets the resource navigate the top-level browsing context (the one named_top
).allow-top-navigation-by-user-activation
: Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture.
Note:
- When the embedded document has the same origin as the embedding page, it is strongly discouraged to use both
allow-scripts
andallow-same-origin
, as that lets the embedded document remove thesandbox
attribute — making it no more secure than not using thesandbox
attribute at all. - Sandboxing is useless if the attacker can display content outside a sandboxed
iframe
— such as if the viewer opens the frame in a new tab. Such content should be also served from a separate origin to limit potential damage. - The
sandbox
attribute is unsupported in Internet Explorer 9 and earlier.
src
-
The URL of the page to embed. Use a value of
about:blank
to embed an empty page that conforms to the same-origin policy. Also note that programmatically removing an<iframe>
's src attribute (e.g. viaElement.removeAttribute()
) causesabout:blank
to be loaded in the frame in Firefox (from version 65), Chromium-based browsers, and Safari/iOS. srcdoc
-
Inline HTML to embed, overriding the
src
attribute. If a browser does not support thesrcdoc
attribute, it will fall back to the URL in thesrc
attribute. width
-
The width of the frame in CSS pixels. Default is
300
.
Deprecated attributes
These attributes are deprecated and may no longer be supported by all user agents. You should not use them in new content, and try to remove them from existing content.
align
-
The alignment of this element with respect to the surrounding context.
frameborder
-
The value
1
(the default) draws a border around this frame. The value0
removes the border around this frame, but you should instead use the CSS propertyborder
to control<iframe>
borders. longdesc
-
A URL of a long description of the frame's content. Due to widespread misuse, this is not helpful for non-visual browsers.
marginheight
-
The amount of space in pixels between the frame's content and its top and bottom borders.
marginwidth
-
The amount of space in pixels between the frame's content and its left and right borders.
scrolling
-
Indicates when the browser should provide a scrollbar for the frame:
auto
: Only when the frame's content is larger than its dimensions.yes
: Always show a scrollbar.no
: Never show a scrollbar.
Scripting
Inline frames, like <frame>
elements, are included in the window.frames
pseudo-array.
With the DOM HTMLIFrameElement
object, scripts can access the window
object of the framed resource via the contentWindow
property. The contentDocument
property refers to the document
inside the <iframe>
, same as contentWindow.document
.
From the inside of a frame, a script can get a reference to its parent window with window.parent
.
Script access to a frame's content is subject to the same-origin policy. Scripts cannot access most properties in other window
objects if the script was loaded from a different origin, including scripts inside a frame accessing the frame's parent. Cross-origin communication can be achieved using Window.postMessage()
.
Positioning and scaling
As a replaced element, the position, alignment, and scaling of the embedded document within the <iframe>
element's box, can be adjusted with the object-position
and object-fit
properties.
Examples
A simple <iframe>
This example embeds the page at https://example.org in an iframe.
HTML
<iframe src="https://example.org"
title="iframe Example 1" width="400" height="300">
</iframe>
Result
Accessibility concerns
People navigating with assistive technology such as a screen reader can use the title
attribute on an <iframe>
to label its content. The title's value should concisely describe the embedded content:
<iframe title="Wikipedia page for Avocados" src="https://en.wikipedia.org/wiki/Avocado"></iframe>
Without this title, they have to navigate into the <iframe>
to determine what its embedded content is. This context shift can be confusing and time-consuming, especially for pages with multiple <iframe>
s and/or if embeds contain interactive content like video or audio.
Specifications
Specification |
---|
HTML Standard # the-iframe-element |
Browser compatibility
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
iframe | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
align | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
allow | ChromeFull support60 | EdgeFull support79 | FirefoxFull support74 | Internet ExplorerNo supportNo | OperaFull support47 | SafariFull support11.1 | WebView AndroidFull support60 | Chrome AndroidFull support60 | Firefox for AndroidNo supportNo | Opera AndroidFull support44 | Safari on iOSFull support11.3 | Samsung InternetFull support8.0 |
allowfullscreen | ChromeFull support27 | EdgeFull support79 | FirefoxFull support18 | Internet ExplorerFull support11 | OperaFull support15 | SafariFull support7 | WebView AndroidFull support37 | Chrome AndroidFull support27 | Firefox for AndroidFull support18 | Opera AndroidFull support14 | Safari on iOSFull support7 | Samsung InternetFull support1.5 |
allowpaymentrequest | ChromeNo supportNo | EdgeNo supportNo | FirefoxNo support56 – 83 | Internet ExplorerNo supportNo | OperaNo supportNo | SafariNo supportNo | WebView AndroidNo supportNo | Chrome AndroidNo supportNo | Firefox for AndroidNo support56 – 83 | Opera AndroidNo supportNo | Safari on iOSNo supportNo | Samsung InternetNo supportNo |
Aspect ratio computed from width and height attributes | ChromeFull support79 | EdgeFull support79 | FirefoxFull support71 | Internet ExplorerNo supportNo | OperaFull support66 | SafariFull support14 | WebView AndroidFull support79 | Chrome AndroidFull support79 | Firefox for AndroidFull support79 | Opera AndroidFull support57 | Safari on iOSFull support14 | Samsung InternetFull support12.0 |
External protocol URLs blocked | ChromeCompatibility unknown; please update this.? | EdgeCompatibility unknown; please update this.? | FirefoxFull support67 | Internet ExplorerCompatibility unknown; please update this.? | OperaCompatibility unknown; please update this.? | SafariCompatibility unknown; please update this.? | WebView AndroidCompatibility unknown; please update this.? | Chrome AndroidCompatibility unknown; please update this.? | Firefox for AndroidFull support67 | Opera AndroidCompatibility unknown; please update this.? | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetCompatibility unknown; please update this.? |
frameborder | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
height | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
loading | ChromeFull support77 | EdgeFull support79 | FirefoxNo supportNo | Internet ExplorerNo supportNo | OperaFull support64 | SafariNo supportNo | WebView AndroidFull support77 | Chrome AndroidFull support77 | Firefox for AndroidNo supportNo | Opera AndroidFull support55 | Safari on iOSNo supportNo | Samsung InternetFull support12.0 |
longdesc | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
marginheight | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
marginwidth | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
name | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
referrerpolicy | ChromeFull support51 | EdgeFull support79 | FirefoxFull support50 | Internet ExplorerNo supportNo | OperaFull support38 | SafariFull support13 | WebView AndroidFull support51 | Chrome AndroidFull support51 | Firefox for AndroidFull support50 | Opera AndroidFull support41 | Safari on iOSFull support13 | Samsung InternetFull support7.2 |
sandbox | ChromeFull support4 | EdgeFull support12 | FirefoxFull support17 | Internet ExplorerFull support10 | OperaFull support15 | SafariFull support5 | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull support17 | Opera AndroidCompatibility unknown; please update this.? | Safari on iOSFull support4.2 | Samsung InternetFull supportYes |
sandbox="allow-downloads" | ChromeFull support83 | EdgeFull support83 | FirefoxFull support82 | Internet ExplorerNo supportNo | OperaCompatibility unknown; please update this.? | SafariNo supportNo | WebView AndroidFull support83 | Chrome AndroidFull support83 | Firefox for AndroidFull support82 | Opera AndroidCompatibility unknown; please update this.? | Safari on iOSNo supportNo | Samsung InternetFull support13.0 |
sandbox="allow-modals" | ChromeFull support46 | EdgeFull support79 | FirefoxFull support49 | Internet ExplorerNo supportNo | OperaFull support33 | SafariCompatibility unknown; please update this.? | WebView AndroidFull support46 | Chrome AndroidFull support46 | Firefox for AndroidFull support49 | Opera AndroidFull support33 | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetFull support5.0 |
sandbox="allow-popups" | ChromeFull supportYes | EdgeFull support18 | FirefoxFull support28 | Internet ExplorerCompatibility unknown; please update this.? | OperaFull supportYes | SafariCompatibility unknown; please update this.? | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull support27 | Opera AndroidCompatibility unknown; please update this.? | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetFull supportYes |
sandbox="allow-popups-to-escape-sandbox" | ChromeFull support46 | EdgeFull support79 | FirefoxFull support49 | Internet ExplorerNo supportNo | OperaFull support32 | SafariCompatibility unknown; please update this.? | WebView AndroidFull support46 | Chrome AndroidFull support46 | Firefox for AndroidFull support49 | Opera AndroidFull support32 | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetFull support5.0 |
sandbox="allow-presentation" | ChromeFull support53 | EdgeFull support79 | FirefoxFull support50 | Internet ExplorerNo supportNo | OperaFull support40 | SafariCompatibility unknown; please update this.? | WebView AndroidNo supportNo | Chrome AndroidFull support53 | Firefox for AndroidFull support50 | Opera AndroidFull support41 | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetFull support6.0 |
sandbox="allow-same-origin" | ChromeFull supportYes | EdgeFull supportYes | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
sandbox="allow-storage-access-by-user-activation" | ChromeNo supportNo | EdgeNo supportNo | FirefoxFull support65 | Internet ExplorerNo supportNo | OperaNo supportNo | SafariFull support11.1 | WebView AndroidNo supportNo | Chrome AndroidNo supportNo | Firefox for AndroidFull support65 | Opera AndroidNo supportNo | Safari on iOSFull support11.3 | Samsung InternetNo supportNo |
sandbox="allow-top-navigation-by-user-activation" | ChromeFull support58 | EdgeFull support79 | FirefoxFull support79 | Internet ExplorerNo supportNo | OperaFull support45 | SafariFull support11.1 | WebView AndroidFull support58 | Chrome AndroidFull support58 | Firefox for AndroidFull support79 | Opera AndroidFull support43 | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetFull support7.0 |
scrolling | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
src | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
srcdoc | ChromeFull support20 | EdgeFull support79 | FirefoxFull support25 | Internet ExplorerNo supportNo | OperaFull support15 | SafariFull support6 | WebView AndroidFull support37 | Chrome AndroidFull support25 | Firefox for AndroidFull support25 | Opera AndroidCompatibility unknown; please update this.? | Safari on iOSCompatibility unknown; please update this.? | Samsung InternetFull support1.5 |
width | ChromeFull support1 | EdgeFull support12 | FirefoxFull supportYes | Internet ExplorerFull supportYes | OperaFull supportYes | SafariFull supportYes | WebView AndroidFull supportYes | Chrome AndroidFull supportYes | Firefox for AndroidFull supportYes | Opera AndroidFull supportYes | Safari on iOSFull supportYes | Samsung InternetFull supportYes |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
- Experimental. Expect behavior to change in the future.
- Non-standard. Check cross-browser support before using.
- Deprecated. Not for use in new websites.
- See implementation notes.
- User must explicitly enable this feature.
- Requires a vendor prefix or different name for use.