Web platform features explorer

Credentialless iframes

Limited availability
Tags: api html Groups: Security

The credentialless attribute for the <iframe> HTML element loads third-party content in an ephemeral context and does not send any credentials such as cookies. When using cross-origin isolation, this allows you to embed content that does not send Cross-Origin-Embedder-Policy headers.

Browser support

  • Chrome 110 Released on 2023-02-07
  • Chrome Android 110 Released on 2023-02-07
  • Edge 110 Released on 2023-02-09
  • Firefox Vendor position (concerns: venue)
  • Firefox for Android Vendor position (concerns: venue)
  • Safari
  • Safari on iOS

Usage (according to Chrome Platform Status)

~0.012% of page loads. More data at chromestatus.