The modern web is built on embedded content. Every YouTube video you watch on a blog, every Google Map embedded in a contact page, every Spotify player in an artist's website—all of these rely on HTML embed codes. Understanding how to create, customize, and secure embed codes is an essential skill for web developers, content creators, and digital marketers alike.
This comprehensive tutorial covers every major embedding method in HTML, from the ubiquitous iframe to specialized elements for video, audio, and interactive content. You will learn the syntax, best practices, security considerations, and responsive techniques for each approach. And when you need to generate embed codes quickly, our Embed Code Generator is ready to help.
The <iframe> (inline frame) element is by far the most common way to embed external content. It creates a nested browsing context—essentially a window within your page that loads a completely separate HTML document.
<iframe
src="https://example.com/content"
width="600"
height="400"
title="Embedded Content"
frameborder="0"
allowfullscreen>
</iframe>| Attribute | Purpose | Example |
|---|---|---|
src | URL of the content to embed | src="https://youtube.com/..." |
width | Width of the iframe in pixels or percentage | width="100%" |
height | Height of the iframe | height="400" |
title | Accessible description (required for WCAG) | title="Product Video" |
loading | Lazy loading for performance | loading="lazy" |
allow | Permissions policy for the iframe | allow="autoplay; fullscreen" |
sandbox | Security restrictions (see Chapter 6) | sandbox="allow-scripts" |
referrerpolicy | Controls referrer information sent | referrerpolicy="no-referrer" |
title attribute. Screen readers use it to describe the iframe to visually impaired users. It is a WCAG accessibility requirement and takes two seconds to add.Before iframes dominated, HTML provided two other elements for embedding external content: <embed> and <object>. While less commonly used today, they still serve important purposes for certain content types.
The <embed> element is a self-closing tag designed for embedding external content that requires a plugin or external application. It is commonly used for PDFs, SVGs, and multimedia content.
<!-- Embed a PDF document -->
<embed src="document.pdf" type="application/pdf" width="600" height="400">
<!-- Embed an SVG image -->
<embed src="illustration.svg" type="image/svg+xml" width="300" height="200">The <object> element is similar to <embed> but has a significant advantage: it supports fallback content that displays when the embedded content cannot be loaded.
<object data="presentation.pdf" type="application/pdf" width="600" height="400">
<p>Your browser cannot display this PDF. <a href="presentation.pdf">Download it instead.</a></p>
</object>Video embedding is the single most common use of HTML embed codes. There are several approaches depending on whether you are hosting the video yourself or using a platform like YouTube or Vimeo.
For videos you host yourself, the <video> element provides native browser support without any plugins:
<video width="100%" controls poster="thumbnail.jpg">
<source src="video.mp4" type="video/mp4">
<source src="video.webm" type="video/webm">
<p>Your browser does not support HTML5 video.</p>
</video>YouTube provides iframe embed codes through the Share → Embed option on any video. Here is a typical YouTube embed with enhanced parameters:
<iframe
src="https://www.youtube.com/embed/VIDEO_ID?rel=0&modestbranding=1"
width="100%"
height="100%"
title="Tutorial Video"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>Useful YouTube embed parameters include rel=0 (hide related videos), modestbranding=1 (reduce YouTube branding), start=30 (begin at 30 seconds), and autoplay=1 (auto-play on load).
Vimeo follows a similar pattern with additional privacy and customization options:
<iframe
src="https://player.vimeo.com/video/VIDEO_ID?title=0&byline=0&portrait=0"
width="100%"
height="100%"
title="Showreel"
frameborder="0"
allow="autoplay; fullscreen"
allowfullscreen>
</iframe>Embedding maps on contact pages, location directories, and event pages is standard practice. Google Maps is the most popular choice, but alternatives exist.
Navigate to Google Maps, find your location, click "Share," then "Embed a map." The generated code looks like this:
<iframe
src="https://www.google.com/maps/embed?pb=..."
width="100%"
height="450"
style="border:0;"
allowfullscreen=""
loading="lazy"
referrerpolicy="no-referrer-when-downgrade"
title="Our Office Location">
</iframe>For dynamic applications, the Google Maps Embed API provides programmatic control over map types (place, search, directions, street view, and zoom) with an API key.
For open-source alternatives, OpenStreetMap can be embedded via iframe using services like OpenStreetMap's export tool or leaflet.js for more interactive maps:
<iframe
src="https://www.openstreetmap.org/export/embed.html?bbox=-0.004017949104309083%2C51.47612752641776%2C0.00030577182769775393%2C51.478569861898606&layer=mapnik"
width="100%"
height="450"
title="Map">
</iframe>Use the <audio> element for self-hosted audio, or iframe for platform players like Spotify and SoundCloud:
<!-- Self-hosted -->
<audio controls>
<source src="podcast.mp3" type="audio/mpeg">
</audio>
<!-- Spotify embed -->
<iframe src="https://open.spotify.com/embed/track/TRACK_ID" width="100%" height="80" frameborder="0" allowtransparency="true" allow="encrypted-media" title="Spotify Player"></iframe>Most social platforms provide official embed codes:
Embed PDFs and documents using Google Docs Viewer (works without hosting the file yourself) or the object element:
<!-- Google Docs Viewer -->
<iframe
src="https://docs.google.com/gview?url=https://example.com/doc.pdf&embedded=true"
width="100%" height="600" title="Document Viewer">
</iframe>Fixed-width iframes break on mobile devices. Here are three reliable techniques for making embedded content responsive.
<style>
.embed-container {
position: relative;
padding-bottom: 56.25%; /* 16:9 ratio */
height: 0;
overflow: hidden;
max-width: 100%;
}
.embed-container iframe {
position: absolute;
top: 0; left: 0;
width: 100%; height: 100%;
}
</style>
<div class="embed-container">
<iframe src="..." title="Video"></iframe>
</div>Common aspect ratios: 16:9 = 56.25%, 4:3 = 75%, 1:1 = 100%, 21:9 = 42.85%.
iframe {
width: 100%;
aspect-ratio: 16 / 9;
border: none;
}.embed-wrapper {
container-type: inline-size;
}
@container (max-width: 400px) {
.embed-wrapper iframe {
aspect-ratio: 4 / 3;
}
}The sandbox attribute applies extra restrictions to the embedded content. Use it liberally:
<!-- Most restrictive (recommended for untrusted content) -->
<iframe src="..." sandbox title="External Content"></iframe>
<!-- Allow scripts but nothing else -->
<iframe src="..." sandbox="allow-scripts" title="Widget"></iframe>
<!-- Allow scripts and same-origin access -->
<iframe src="..." sandbox="allow-scripts allow-same-origin" title="Trusted Widget"></iframe>Use CSP headers to control which domains can be embedded on your pages:
Content-Security-Policy: frame-ancestors 'self' https://trusted-domain.com;
Content-Security-Policy: frame-src https://youtube.com https://player.vimeo.com;loading="lazy" to prevent unnecessary resource loadingreferrerpolicy="no-referrer" for third-party embeds to protect user privacyallow attribute to grant only necessary permissionsUse our free Embed Code Generator to create properly formatted, responsive embed codes for YouTube, Google Maps, PDFs, and more. Just paste a URL and get production-ready code.
Open Embed Code Generator →An HTML embed code is a snippet of HTML that loads external content (videos, maps, widgets, documents) into a web page. The most common method uses the iframe element, but HTML also provides embed, object, video, and audio elements for different content types.
Wrap the iframe in a container with position:relative and padding-bottom:56.25% (for 16:9 ratio), then set the iframe to position:absolute with width and height of 100%. Alternatively, use the CSS aspect-ratio property on the iframe itself.
Embedding with iframe is generally safe if you use the sandbox attribute to restrict the embedded page's capabilities. Always set sandbox='allow-scripts allow-same-origin' for minimum needed permissions. Avoid allow-top-navigation and be cautious with allow-same-origin.
iframe embeds a complete HTML page within your page. embed is for embedded content like plugins, media players, and interactive content. object is similar to embed but also supports fallback content. For most modern use cases, iframe is the recommended approach.
Yes. Go to Google Maps, search for your location, click Share, then Embed a Map. Copy the iframe code provided. You can customize the zoom level, map type, and size. For more control, use the Google Maps Embed API with an API key.