Home
HTML iframe : A Tutorial
HTML

HTML iframe : A Tutorial

The HTML <iframe> (short for inline frame) is used to embed another webpage or external content inside a webpage.

It is commonly used for embedding videos, maps, external websites, and advertisements.

What This Tutorial Covers:

  • What is an <iframe>
  • Basic usage of <iframe>
  • Embedding external websites
  • Controlling iframe size with width and height
  • Removing iframe borders
  • Using iframes for embedding YouTube videos and Google Maps
  • Security considerations with iframes
  • Best practices for using <iframe>

1. What is an <iframe>?

An <iframe> allows embedding another document within the current webpage.

Example:

<iframe src="https://www.example.com"></iframe>
  • This loads example.com inside a frame on the webpage.

Characteristics:

  • Displays external or internal web pages.
  • Can be resized using width and height.
  • Can be restricted using security settings.

2. Basic Usage of <iframe>

The simplest way to use an <iframe> is by setting the src attribute.

Example:

<iframe src="https://www.wikipedia.org" width="600" height="400"></iframe>

Explanation:

  • src=”https://www.wikipedia.org” loads the Wikipedia homepage.
  • width=”600″ and height=”400″ set the iframe size.

3. Embedding External Websites

Not all websites allow embedding via <iframe>. Some sites use X-Frame-Options to block embedding.

Example:

<iframe src="https://www.google.com" width="800" height="500"></iframe>
  • This will not work because Google blocks iframes for security reasons.

To check if a website allows embedding:

  1. Open Chrome DevTools (F12).
  2. Go to the Console tab.
  3. If you see an error like “Refused to display ‘URL’ in a frame because X-Frame-Options is set to ‘DENY'”, embedding is not allowed.

4. Controlling Iframe Size

You can specify width and height in pixels or percentages.

Example:

<iframe src="https://www.example.com" width="80%" height="500"></iframe>
  • width=”80%” makes the iframe responsive.
  • height=”500″ sets a fixed height.

For a fully responsive iframe, use CSS:

<style>
    .responsive-iframe {
        width: 100%;
        height: 500px;
        border: none;
    }
</style>

<iframe src="https://www.example.com" class="responsive-iframe"></iframe>

5. Removing Iframe Borders

By default, iframes may have borders.

Example:

<iframe src="https://www.example.com" width="600" height="400" style="border: none;"></iframe>
  • style=”border: none;” removes the border.

Alternatively, use CSS:

iframe {
    border: 0;
}

6. Embedding YouTube Videos with Iframes

YouTube provides iframe-based video embedding.

Example:

<iframe width="560" height="315" 
        src="https://www.youtube.com/embed/dQw4w9WgXcQ" 
        frameborder="0" allowfullscreen>
</iframe>

Explanation:

  • https://www.youtube.com/embed/dQw4w9WgXcQ is the embed URL (replace with any video ID).
  • allowfullscreen allows full-screen mode.

To get the embed code from YouTube:

  1. Open a YouTube video.
  2. Click Share > Embed.
  3. Copy the <iframe> code.

7. Embedding Google Maps with Iframes

Google Maps allows embedding locations using <iframe>.

Example:

<iframe 
    width="600" height="450" style="border:0;" 
    src="https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3151.835434509474!2d144.96305791531862!3d-37.814217979751994!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x6ad642af0f11fd81%3A0x5045675218ce6e0!2sMelbourne%2C+Australia!5e0!3m2!1sen!2sus!4v1614846917329!5m2!1sen!2sus" 
    allowfullscreen>
</iframe>

Steps to Get Google Maps Embed Code:

  1. Go to Google Maps.
  2. Search for a location.
  3. Click Share > Embed a Map.
  4. Copy the <iframe> code.

8. Security Considerations with Iframes

8.1 Preventing Clickjacking Attacks

Websites can prevent iframes from embedding their content using X-Frame-Options.

To block embedding on your website, add this to .htaccess:

Header always set X-Frame-Options "DENY"

8.2 Restricting Iframe Content with sandbox

Use sandbox to restrict iframe capabilities.

<iframe src="https://www.example.com" sandbox></iframe>

sandbox Options:

Attribute Restriction
sandbox Blocks everything by default
allow-scripts Allows JavaScript execution
allow-same-origin Allows cookies and sessions

Example allowing only scripts:

<iframe src="https://www.example.com" sandbox="allow-scripts"></iframe>

9. Best Practices for Using <iframe>

Use HTTPS for Secure Embedding

<iframe src="https://www.example.com"></iframe>
  • Avoid using HTTP in src, as modern browsers block insecure iframes.

Set title for Accessibility

<iframe src="https://www.example.com" title="Example Website"></iframe>
  • Helps screen readers understand the iframe content.

Avoid Auto-playing Videos

<iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ?autoplay=1"></iframe>
  • Auto-play may annoy users.

Use loading=”lazy” for Performance

<iframe src="https://www.example.com" loading="lazy"></iframe>
  • Improves page speed by delaying iframe loading.

 

Conclusion

HTML <iframe> is used for embedding external content such as web pages, videos, and maps. However, it should be used carefully due to security concerns.

Related Articles

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh