The <iframe> element allows you to insert content from other sites into the HTML code of your pages—for example, PDF documents, videos, and interactive media files. They will be displayed in a given space and exist independently of the rest of the page.
The element is inserted using the <iframe> tag:
<iframe src = "URL"> </iframe>
The src attribute defines the source of the embedded document.
Why is it important to know about the presence of embedded frames on your site?
Usually, an iframe is used to add visually appealing additional material or advertising from external sources. However, the use of embedded frames can slow down the page and pose a threat to the security of the site and its users, since hackers often use such elements to embed hostile sites.
A malicious resource can use an iframe to exploit a vulnerable site through CSRF (Сross-Site Request Forgery). The iframe is also used by attackers in the “UI Redress attack” (user interface redress attack).
Therefore, care must be taken when adding the contents of an unknown site to an iframe.
The Labrika “Pages with frame/iframe” report will show a list of frames used so that you can see if they are obtained from unreliable sources.
- By checking the box next to the desired item, you can filter the contents of the report so that data is displayed only for those iframes that include/do not include YouTube videos.
- The URL of the page with the iframe.
- Meta title of this page.
- It is indicated whether the frame contains a YouTube video.
- Clicking on the “Show” button will show the contents of the iframe element in the HTML code.
Using the report
Check the contents of the frames specified in the report. In cases where you need to use them, make sure that the embedded content is taken only from reliable sources. If you think a website is unsafe, don't put its contents in an iframe element.