The complete guide to embedding external content — videos, maps, social posts, forms, and more — using HTML embed codes
🛠️ Generate embed codes in seconds
Use the Free Embed Code Generator →Embedding content from other websites is one of the most powerful features of the modern web. Whether you want to display a YouTube video on your blog, add an interactive Google Map to your business page, showcase a social media post in an article, or include a third-party form on your landing page, you need an embed code — a small snippet of HTML that pulls external content into your webpage.
Despite how common embedding is, many website owners and content creators still struggle with the technical details. How do you create an embed code? What is the difference between an iframe and oEmbed? Why do some websites refuse to be embedded? And how do you make embedded content look good on both desktop and mobile?
This guide answers all of those questions and more. We will cover the fundamentals of HTML embedding, walk through specific examples for popular platforms, explain the security considerations, and show you how an embed code generator tool can simplify the entire process.
An embed code is a block of HTML that you place on your webpage to display content from another source. Instead of downloading and hosting the content yourself, the embed code tells the visitor's browser to fetch and render the content directly from the original source. This means the content stays up to date automatically — if the source updates their video, map, or post, your embedded version reflects those changes.
Embed codes are used everywhere on the web. News websites embed social media posts to add context to their articles. Real estate sites embed Google Maps to show property locations. Educational platforms embed YouTube videos to supplement their lessons. Documentation sites embed code playgrounds like CodePen to demonstrate examples. In every case, embedding enriches the page with dynamic, interactive content without requiring the page owner to build or maintain that content themselves.
While hyperlinks direct users away from your page, embeds keep users on your site while showing them external content. This reduces bounce rate, increases time on page, and provides a better user experience. Users can watch a video, view a map, or interact with a widget without ever leaving your website. For content creators and marketers, this translates directly into better engagement metrics.
The <iframe> (inline frame) element is the backbone of most web embedding. It creates a nested browsing context — essentially a window within your page that displays content from another URL. Here is a basic example:
<iframe
src="https://www.youtube.com/embed/dQw4w9WgXcQ"
width="560"
height="315"
frameborder="0"
allowfullscreen>
</iframe>This snippet tells the browser to load the YouTube video player at the specified URL, display it at 560×315 pixels, remove the default border, and allow the user to view the video in fullscreen mode.
While iframes are the most common approach, HTML offers other embedding elements:
YouTube makes embedding straightforward. On any YouTube video page, click the "Share" button, then "Embed." YouTube provides a ready-to-use iframe code with customizable options for size, start time, and privacy-enhanced mode. Here is the basic format:
<iframe src="https://www.youtube.com/embed/VIDEO_ID"
width="560" height="315"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write;
encrypted-media; gyroscope; picture-in-picture"
allowfullscreen></iframe>To start the video at a specific time, append ?start=30 to the src URL (where 30 is the number of seconds). To use privacy-enhanced mode (which prevents YouTube from storing cookies for users who are not signed in), use youtube-nocookie.com instead of youtube.com.
Google Maps provides embed codes for displaying locations, directions, and custom maps. Go to Google Maps, search for your location, click the "Share" button, and select the "Embed a map" tab. Google generates an iframe with your chosen location and zoom level. You can also customize the map type (roadmap, satellite, terrain) and size before copying the code.
Most social platforms offer official embed options:
PDFs can be embedded using an iframe, the object element, or Google Docs Viewer:
<iframe src="https://docs.google.com/gview?url=YOUR_PDF_URL&embedded=true"
width="600" height="800"></iframe>The Google Docs Viewer approach is particularly useful because it renders the PDF consistently across all browsers, including mobile devices where native PDF rendering can be unreliable.
Google Calendar allows you to embed a live, interactive calendar on your website. In Calendar settings, find "Integrate calendar," and copy the iframe code. Similarly, Google Forms provides embed codes that display your form directly on your page. Typeform, Jotform, and other form builders also offer embed options including inline, popup, and slide-in modes.
One of the most common problems with embedded content is that it does not look good on mobile devices. A 560-pixel-wide YouTube video might be fine on a desktop screen, but it overflows on a 375-pixel-wide phone. Here are three techniques to make iframes responsive:
The simplest modern method uses the CSS aspect-ratio property:
iframe {
width: 100%;
height: auto;
aspect-ratio: 16 / 9;
}This tells the browser to maintain a 16:9 aspect ratio regardless of the container width. It is clean, requires no wrapper elements, and is supported by all modern browsers.
For older browser support, the padding-bottom technique uses a wrapper div with percentage-based padding:
.embed-container {
position: relative;
padding-bottom: 56.25%; /* 16:9 = 9/16 = 0.5625 */
height: 0;
overflow: hidden;
}
.embed-container iframe {
position: absolute;
top: 0; left: 0;
width: 100%; height: 100%;
}This works because percentage-based padding is calculated relative to the element's width, creating a height that maintains the desired ratio.
oEmbed is an open standard that allows websites to request structured embed data from content providers. Instead of manually crafting iframe code, you simply paste a URL, and the platform (like WordPress, Notion, or Medium) automatically fetches the embed code from the provider.
Here is how it works: when you paste a YouTube URL into a WordPress editor, WordPress sends a request to YouTube's oEmbed endpoint. YouTube responds with a JSON object containing the title, thumbnail, author, and pre-formatted HTML embed code. WordPress then renders this on your page.
Many major platforms support oEmbed, including YouTube, Vimeo, Twitter/X, Instagram, Flickr, Spotify, SoundCloud, and SlideShare. If you are building a CMS or content platform, implementing oEmbed support gives your users the ability to embed content from hundreds of providers simply by pasting a URL.
Embedding external content introduces security considerations that every website owner should understand.
Many websites send an X-Frame-Options header or a Content-Security-Policy: frame-ancestors header that prevents their pages from being loaded in iframes on other domains. This is a security measure against clickjacking — an attack where a malicious site loads a legitimate site in a transparent iframe and tricks the user into clicking buttons they cannot see. If you try to embed a site that blocks framing, the browser will refuse to render the iframe content.
The sandbox attribute lets you apply restrictions to embedded content:
<iframe src="https://example.com" sandbox="allow-scripts allow-same-origin"></iframe>Common sandbox values include allow-scripts (permits JavaScript), allow-same-origin (treats the content as same-origin), allow-forms (allows form submission), and allow-popups (allows popup windows). Use the minimum set of permissions needed for the embed to function correctly.
When you embed content from YouTube, Google Maps, or social media platforms, those platforms can track visitors to your page through their embedded widgets. This includes analytics, cookies, and fingerprinting. If privacy is a concern, consider using privacy-enhanced embed options (like YouTube's nocookie domain) or self-hosting the content instead.
While you can manually write iframe code for common platforms, an embed code generator simplifies the process significantly. Instead of hunting for the right embed URL format, configuring dimensions, and adding security attributes, you enter a URL and the generator produces clean, ready-to-paste HTML code.
The RiseTop Embed Code Generator takes a URL and automatically generates an optimized embed code with:
loading="lazy" to iframes below the fold to improve page load speed.title="description" to every iframe for accessibility compliance.