Best Practices for using iFrame Embeds

Securing an iFrame

There are security concerns to consider when embedding content into your web pages using <iframe> elements. The following security mechanisms are best practices to consider in order to make your <iframe> elements more secure.

Configure Content Security Policy (CSP) directives

CSP provides a set of HTTP Headers to your web pages that improve the security of your HTML document. For securing <iframe>s you’ll want to ensure your site has an appropriate X-Frame-Options header configured. Configuring the X-Frame-Options header adds security by preventing other sites from embedding your content into their web page.


Whenever possible serve your websites using HTTPS. Enabling HTTPS on your site prevents embedded content from accessing the content in your parent document and vice versa.



For more details on any of the security concerns or practices listed above visit the following resource:

iFrames in Detail 


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.