Credentialless iframes

The credentialless attribute for the <iframe> HTML element loads third-party content in an ephemeral context and does not send any credentials such as cookies. When using cross-origin isolation, this allows you to embed content that does not send Cross-Origin-Embedder-Policy headers.

Compatibility

• Chrome 110 Released on 2023-02-07
• Chrome Android 110 Released on 2023-02-07
• Edge 110 Released on 2023-02-09
• Firefox ❌ Search for bugs Search for standards position
• Firefox for Android ❌ Search for bugs Search for standards position
• Safari ❌ Search for bugs Search for standards position
• Safari on iOS ❌ Search for bugs Search for standards position

BCD data

• api.HTMLIFrameElement.credentialless
• api.Window.credentialless
• html.elements.iframe.credentialless