Iframes (Security)
All HTML topics∙ Chapter 40
Iframes Security
Iframes embed another page inside your page. Real websites often block being embedded. Use security attributes like sandbox and good defaults like loading="lazy".
| Attribute | Why |
|---|---|
sandbox | Restricts what the iframe can do (recommended for untrusted content) |
loading="lazy" | Loads iframe only when near the viewport |
referrerpolicy | Controls referrer information sent |
allow | Permissions for camera, microphone, fullscreen, etc. |
📝 Edit Code
👁 Live Preview
💡
sandbox without values is very strict. Add permissions only if needed.