The IFrame component displays an iframe.


Src (https)

The URL of the page to embed.


Enables an extra set of restrictions for the content (for example: allow-same-origin, allow-scripts...)

Allow fullscreen

Indicates whether the frame is allowed to be placed into full screen mode.

Allow payment request

Indicates whether the Payment Request API may be invoked.

Allow transparency

Indicates whether the frame can be transparent.

Frame border

Specifies whether or not to display a border around the iframe (0 or 1).


Specifies the HTML content of the page to show in the iframe.

Referrer policy

A string indicating which referrer to use when fetching the resource:

  • "no-referrer" meaning that the Referer: header will not be sent.
  • "no-referrer-when-downgrade" meaning that no Referer: header will be sent when navigating to an origin without TLS (HTTPS). This is a user agent’s default behavior, if no policy is otherwise specified.
  • "origin" meaning that the referrer will be the origin of the page, that is roughly the scheme, the host and the port.
  • "origin-when-cross-origin" meaning that navigations to other origins will be limited to the scheme, the host and the port, while navigations on the same origin will include the referrer's path.
  • "unsafe-url" meaning that the referrer will include the origin and the path (but not the fragment, password, or username). This case is unsafe because it can leak origins and paths from TLS-protected resources to insecure origins.