

#IFRAME WIDTH CODE#
This works regardless of whether the user clicked on the link, or JS code initiated it without user interaction.
#IFRAME WIDTH DOWNLOAD#
allow-downloads: Allows downloading files through an or element with the download attribute, as well as through the navigation that leads to a download of a file.The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions: This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.Īpplies extra restrictions to the content in the frame. unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username).
#IFRAME WIDTH FULL#
strict-origin-when-cross-origin (default): Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).same-origin: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.Navigations on the same origin will still include the path. origin-when-cross-origin: The referrer sent to other origins will be limited to the scheme, the host, and the port.origin: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.no-referrer-when-downgrade: The Referer header will not be sent to origins without TLS ( HTTPS).no-referrer: The Referer header will not be sent.Indicates which referrer to send when fetching the frame's resource: This can be used in the target attribute of the, , or elements the formtarget attribute of the or elements or the windowName parameter in the window.open() method.

lazy: Defer loading of the iframe until it reaches a calculated distance from the viewport, as defined by the browser.Ī targetable name for the embedded browsing context.eager: Load the iframe immediately, regardless if it is outside the visible viewport (this is the default value).


Indicates how the browser should load the iframe: csp ExperimentalĪ Content Security Policy enforced for the embedded resource. See IFrame credentialless for more details. In return, the Cross-Origin-Embedder-Policy (COEP) embedding rules can be lifted, so documents with COEP set can embed third-party documents that do not. It uses a new context local to the top-level document lifetime. It doesn't have access to the network, cookies, and storage data associated with its origin. Set to true to make the credentialless, meaning that its content will be loaded in a new, ephemeral context. Note: This attribute is considered a legacy attribute and redefined as allow="payment".
