Web features explorer - Credentialless iframes

Tags: api html Groups: Security

The credentialless attribute for the <iframe> HTML element loads third-party content in an ephemeral context and does not send any credentials such as cookies. When using cross-origin isolation, this allows you to embed content that does not send Cross-Origin-Embedder-Policy headers. To learn more, see IFrame credentialless at MDN.

Compatibility

Chrome 110 Released on 2023-02-07
Chrome Android 110 Released on 2023-02-07
Edge 110 Released on 2023-02-09
Firefox ❌ Search for bugs Search for standards position
Firefox for Android ❌ Search for bugs Search for standards position
Safari ❌ Search for bugs Search for standards position
Safari on iOS ❌ Search for bugs Search for standards position

Specifications

Iframe credentialless, from Web Platform Incubator Community Group (W3C).