Web features explorer - Credentialless iframes

Web features explorer

Tags: api html Groups: Security

The credentialless attribute for the <iframe> HTML element loads third-party content in an ephemeral context and does not send any credentials such as cookies. When using cross-origin isolation, this allows you to embed content that does not send Cross-Origin-Embedder-Policy headers.

Learning resources on MDN

IFrame credentialless

Browser support

Chrome 110 Released on 2023-02-07
Chrome Android 110 Released on 2023-02-07
Edge 110 Released on 2023-02-09
Firefox ❌ Vendor position (concerns: venue)
Firefox for Android ❌ Vendor position (concerns: venue)
Safari ❌
Safari on iOS ❌

Specifications

Iframe credentialless, from Web Platform Incubator Community Group (W3C).

Edit this feature - Report an issue about this feature