---
title: '<iframe>: 인라인 프레임 요소'
slug: Web/HTML/Element/iframe
tags:
  - Element
  - HTML
  - HTML embedded content
  - Reference
  - Web
translation_of: Web/HTML/Element/iframe
---
<div>{{HTMLRef}}</div>

<p><strong>HTML <code>&lt;iframe&gt;</code> 요소</strong>는 중첩 {{glossary("browsing context", "브라우징 맥락")}}을 나타내는 요소로, 현재 문서 안에 다른 HTML 페이지를 삽입합니다.</p>

<div>{{EmbedInteractiveExample("pages/tabbed/iframe.html", "tabbed-standard")}}</div>

<div class="hidden">The source for this interactive example is stored in a GitHub repository. If you'd like to contribute to the interactive examples project, please clone <a href="https://github.com/mdn/interactive-examples">https://github.com/mdn/interactive-examples </a> and send us a pull request.</div>

<p>삽입된 브라우징 맥락은 각자 자신만의 <a href="/ko/docs/Web/API/History">세션 기록</a>과 <a href="/ko/docs/Web/API/Document">문서</a>를 가집니다. 다른 브라우징 맥락을 포함하고 있는 맥락은 "부모 브라우징 맥락"이라고 부릅니다. 부모를 가지지 않는, 즉 최상위 브라우징 맥락은 대개 브라우저 창으로서, {{domxref("Window")}} 객체로 나타냅니다.</p>

<div class="blockIndicator warning">
<p>각각의 브라우징 맥락은 완전한 문서 환경이므로, 페이지에 <code>&lt;iframe&gt;</code>을 추가할 때마다 메모리 및 기타 컴퓨터 자원 사용량이 늘어납니다. 이론상으로는 원하는 만큼 <code>&lt;iframe&gt;</code>을 사용할 수 있지만, 성능 문제가 없는지 확인하세요.</p>
</div>

<table class="properties">
 <tbody>
  <tr>
   <th scope="row"><a href="/ko/docs/Web/Guide/HTML/Content_categories">콘텐츠 카테고리</a></th>
   <td>플로우 콘텐츠, 구문 콘텐츠, 내장 콘텐츠, 대화형 콘텐츠, 뚜렷한 콘텐츠.</td>
  </tr>
  <tr>
   <th scope="row">가능한 콘텐츠</th>
   <td>없음.</td>
  </tr>
  <tr>
   <th scope="row">태그 생략</th>
   <td>{{no_tag_omission}}</td>
  </tr>
  <tr>
   <th scope="row">가능한 부모 요소</th>
   <td>내장 콘텐츠를 허용하는 모든 요소.</td>
  </tr>
  <tr>
   <th scope="row">가능한 ARIA 역할</th>
   <td>{{ARIARole("application")}}, {{ARIARole("document")}}, {{ARIARole("img")}}</td>
  </tr>
  <tr>
   <th scope="row">DOM 인터페이스</th>
   <td>{{domxref("HTMLIFrameElement")}}</td>
  </tr>
 </tbody>
</table>

<h2 id="특성">특성</h2>

<p>이 요소는 <a href="/ko/docs/Web/HTML/Global_attributes">전역 특성</a>을 포함합니다.</p>

<dl>
 <dt>{{htmlattrdef("allow")}}</dt>
 <dd>Specifies a <a href="/en-US/docs/Web/HTTP/Feature_Policy">feature policy</a> for the <code>&lt;iframe&gt;</code>. See the article <a href="/en-US/docs/Web/Privacy">Privacy, permissions, and information security</a> for details on security issues and how <code>&lt;iframe&gt;</code> works with Feature Policy to keep systems safe.</dd>
 <dt>{{htmlattrdef("allowfullscreen")}}</dt>
 <dd>Set to <code>true</code> if the <code>&lt;iframe&gt;</code> can activate fullscreen mode by calling the {{domxref("Element.requestFullscreen", "requestFullscreen()")}} method.</dd>
 <dd>
 <div class="note">This attribute is considered a legacy attribute and redefined as <code>allow="fullscreen"</code>.</div>
 </dd>
 <dt>{{htmlattrdef("allowpaymentrequest")}}</dt>
 <dd>Set to <code>true</code> if a cross-origin <code>&lt;iframe&gt;</code> should be allowed to invoke the <a href="/en-US/docs/Web/API/Payment_Request_API">Payment Request API</a>.</dd>
 <dd>
 <div class="note">This attribute is considered a legacy attribute and redefined as <code>allow="payment"</code>.</div>
 </dd>
 <dt>{{htmlattrdef("csp")}} {{experimental_inline}}</dt>
 <dd>A <a href="/en-US/docs/Web/HTTP/CSP">Content Security Policy</a> enforced for the embedded resource. See {{domxref("HTMLIFrameElement.csp")}} for details.</dd>
 <dt>{{htmlattrdef("height")}}</dt>
 <dd>The height of the frame in CSS pixels. Default is <code>150</code>.</dd>
 <dt id="name-attribute">{{htmlattrdef("importance")}} {{experimental_inline}}</dt>
 <dd>The download priority of the resource in the <code>&lt;iframe&gt;</code>'s <code>src</code> attribute. Allowed values:
 <dl>
  <dt><code>auto</code> (default)</dt>
  <dd>No preference. The browser uses its own heuristics to decide the priority of the resource.</dd>
  <dt><code>high</code></dt>
  <dd>The resource should be downloaded before other lower-priority page resources.</dd>
  <dt><code>low</code></dt>
  <dd>The resource should be downloaded after other higher-priority page resources.</dd>
 </dl>
 </dd>
 <dt>{{htmlattrdef("loading")}} {{experimental_inline}}</dt>
 <dd>Indicates how the browser should load the iframe:
 <ul>
  <li><code>eager</code>: Load the iframe immediately, regardless if it is outside the visible viewport (this is the default value).</li>
  <li><code><font face="consolas, Liberation Mono, courier, monospace">lazy</font></code>: Defer loading of the iframe until it reaches a calculated distance from the viewport, as defined by the browser.</li>
 </ul>
 </dd>
 <dt>{{htmlattrdef("name")}}</dt>
 <dd>A targetable name for the embedded browsing context. This can be used in the <code>target</code> attribute of the {{HTMLElement("a")}}, {{HTMLElement("form")}}, or {{HTMLElement("base")}} elements; the <code>formtarget</code> attribute of the {{HTMLElement("input")}} or {{HTMLElement("button")}} elements; or the <code>windowName</code> parameter in the {{domxref("Window.open()","window.open()")}} method.</dd>
 <dt id="attr-referrer">{{htmlattrdef("referrerpolicy")}}</dt>
 <dd>Indicates which <a href="/en-US/docs/Web/API/Document/referrer">referrer</a> to send when fetching the frame's resource:
 <ul>
  <li><code>no-referrer</code>: The {{HTTPHeader("Referer")}} header will not be sent.</li>
  <li><code>no-referrer-when-downgrade</code> (default): The {{HTTPHeader("Referer")}} header will not be sent to {{Glossary("origin")}}s without {{Glossary("TLS")}} ({{Glossary("HTTPS")}}).</li>
  <li><code>origin</code>: The sent referrer will be limited to the origin of the referring page: its <a href="/en-US/docs/Archive/Mozilla/URIScheme">scheme</a>, {{Glossary("host")}}, and {{Glossary("port")}}.</li>
  <li><code>origin-when-cross-origin</code>: The referrer sent to other origins will be limited to the scheme, the host, and the port. Navigations on the same origin will still include the path.</li>
  <li><code>same-origin</code>: A referrer will be sent for {{Glossary("Same-origin policy", "same origin")}}, but cross-origin requests will contain no referrer information.</li>
  <li><code>strict-origin</code>: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).</li>
  <li><code>strict-origin-when-cross-origin</code>: Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).</li>
  <li><code>unsafe-url</code>: The referrer will include the origin <em>and</em> the path (but not the <a href="/en-US/docs/Web/API/HTMLHyperlinkElementUtils/hash">fragment</a>, <a href="/en-US/docs/Web/API/HTMLHyperlinkElementUtils/password">password</a>, or <a href="/en-US/docs/Web/API/HTMLHyperlinkElementUtils/username">username</a>). <strong>This value is unsafe</strong>, because it leaks origins and paths from TLS-protected resources to insecure origins.</li>
 </ul>
 </dd>
 <dt>{{htmlattrdef("sandbox")}}</dt>
 <dd>Applies extra restrictions to the content in the frame. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions:
 <ul>
  <li><code>allow-downloads-without-user-activation</code> {{experimental_inline}}: Allows for downloads to occur without a gesture from the user.</li>
  <li><code>allow-forms</code>: Allows the resource to submit forms. If this keyword is not used, form submission is blocked.</li>
  <li><code>allow-modals</code>: Lets the resource <a href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag">open modal windows</a>.</li>
  <li><code>allow-orientation-lock</code>: Lets the resource <a href="/en-US/docs/Web/API/Screen/lockOrientation">lock the screen orientation</a>.</li>
  <li><code>allow-pointer-lock</code>: Lets the resource use the <a href="/en-US/docs/WebAPI/Pointer_Lock">Pointer Lock API</a>.</li>
  <li><code>allow-popups</code>: Allows popups (such as <code>window.open()</code>, <code>target="_blank"</code>, or <code>showModalDialog()</code>). If this keyword is not used, the popup will silently fail to open.</li>
  <li><code>allow-popups-to-escape-sandbox</code>: Lets the sandboxed document open new windows without those windows inheriting the sandboxing. For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.</li>
  <li><code>allow-presentation</code>: Lets the resource start a <a href="/en-US/docs/Web/API/PresentationRequest">presentation session</a>.</li>
  <li><code>allow-same-origin</code>: If this token is not used, the resource is treated as being from a special origin that always fails the {{Glossary("same-origin policy")}}.</li>
  <li><code>allow-scripts</code>: Lets the resource run scripts (but not create popup windows).</li>
  <li><code>allow-storage-access-by-user-activation</code> {{experimental_inline}}: Lets the resource request access to the parent's storage capabilities with the <a href="/en-US/docs/Web/API/Storage_Access_API">Storage Access API</a>.</li>
  <li><code>allow-top-navigation</code>: Lets the resource navigate the top-level browsing context (the one named <code>_top</code>).</li>
  <li><code>allow-top-navigation-by-user-activation</code>: Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture.</li>
 </ul>

 <div class="note"><strong>Notes about sandboxing:</strong>

 <ul>
  <li>When the embedded document has the same origin as the embedding page, it is <strong>strongly discouraged</strong> to use both <code>allow-scripts</code> and <code>allow-same-origin</code>, as that lets the embedded document remove the <code>sandbox</code> attribute — making it no more secure than not using the <code>sandbox</code> attribute at all.</li>
  <li>Sandboxing is useless if the attacker can display content outside a sandboxed <code>iframe</code> — such as if the viewer opens the frame in a new tab. Such content should be also served from a <em>separate origin</em> to limit potential damage.</li>
  <li>The <code>sandbox</code> attribute is unsupported in Internet Explorer 9 and earlier.</li>
 </ul>
 </div>
 </dd>
 <dt>{{htmlattrdef("src")}}</dt>
 <dd>The URL of the page to embed. Use a value of <code>about:blank</code> to embed an empty page that conforms to the <a href="/en-US/docs/Web/Security/Same-origin_policy#Inherited_origins">same-origin policy</a>. Also note that programatically removing an <code>&lt;iframe&gt;</code>'s src attribute (e.g. via {{domxref("Element.removeAttribute()")}}) causes <code>about:blank</code> to be loaded in the frame in Firefox (from version 65), Chromium-based browsers, and Safari/iOS.</dd>
 <dt>{{htmlattrdef("srcdoc")}}</dt>
 <dd>Inline HTML to embed, overriding the <code>src</code> attribute. If a browser does not support the <code>srcdoc</code> attribute, it will fall back to the URL in the <code>src</code> attribute.</dd>
 <dt>{{htmlattrdef("width")}}</dt>
 <dd>The width of the frame in CSS pixels. Default is <code>300</code>.</dd>
</dl>

<h3 id="Deprecated_attributes">Deprecated attributes</h3>

<p>These attributes are deprecated and may no longer be supported by all user agents. You should not use them in new content, and try to remove them from existing content.</p>

<dl>
 <dt>{{htmlattrdef("align")}} {{deprecated_inline("html4.01")}}, {{obsolete_inline("html5")}}</dt>
 <dd>The alignment of this element with respect to the surrounding context.</dd>
 <dt>{{htmlattrdef("frameborder")}} {{obsolete_inline("html5")}}</dt>
 <dd>The value <code>1</code> (the default) draws a border around this frame. The value <code>0</code> removes the border around this frame, but you should instead use the CSS property {{cssxref("border")}} to control <code>&lt;iframe&gt;</code> borders.</dd>
 <dt>{{htmlattrdef("longdesc")}} {{obsolete_inline("html5")}}</dt>
 <dd>A URL of a long description of the frame's content. Due to widespread misuse, this is not helpful for non-visual browsers.</dd>
 <dt>{{htmlattrdef("marginheight")}} {{obsolete_inline("html5")}}</dt>
 <dd>The amount of space in pixels between the frame's content and its top and bottom borders.</dd>
 <dt>{{htmlattrdef("marginwidth")}} {{obsolete_inline("html5")}}</dt>
 <dd>The amount of space in pixels between the frame's content and its left and right borders.</dd>
 <dt>{{htmlattrdef("scrolling")}} {{obsolete_inline("html5")}}</dt>
 <dd>Indicates when the browser should provide a scrollbar for the frame:
 <ul>
  <li><code>auto</code>: Only when the frame's content is larger than its dimensions.</li>
  <li><code>yes</code>: Always show a scrollbar.</li>
  <li><code>no</code>: Never show a scrollbar.</li>
 </ul>
 </dd>
</dl>

<h3 id="Non-standard_attributes_non-standard_inline">Non-standard attributes {{non-standard_inline}}</h3>

<dl>
 <dt>{{htmlattrdef("mozbrowser")}} {{non-standard_inline}}</dt>
 <dd>
 <div class="note">See {{bug(1318532)}} for exposing this to WebExtensions in Firefox.</div>
 Makes the <code>&lt;iframe&gt;</code> act like a top-level browser window. See <a href="/en-US/docs/Mozilla/Gecko/Chrome/API/Browser_API">Browser API</a> for details.<br>
 <strong>Available only to <a href="/en-US/docs/Mozilla/Add-ons/WebExtensions">WebExtensions</a>.</strong></dd>
</dl>

<h2 id="스크립팅">스크립팅</h2>

<p>Inline frames, like {{HTMLElement("frame")}} elements, are included in the {{domxref("window.frames")}} pseudo-array.</p>

<p>With the DOM {{domxref("HTMLIFrameElement")}} object, scripts can access the {{domxref("window")}} object of the framed resource via the {{domxref("HTMLIFrameElement.contentWindow", "contentWindow")}} property. The {{domxref("HTMLIFrameElement.contentDocument", "contentDocument")}} property refers to the <code>document</code> inside the <code>&lt;iframe&gt;</code>, same as <code>contentWindow.document</code>.</p>

<p>From the inside of a frame, a script can get a reference to its parent window with {{domxref("window.parent")}}.</p>

<p>Script access to a frame's content is subject to the {{Glossary("same-origin policy")}}. Scripts cannot access most properties in other <code>window</code> objects if the script was loaded from a different origin, including scripts inside a frame accessing the frame's parent. Cross-origin communication can be achieved using {{domxref("Window.postMessage()")}}.</p>

<h2 id="예제">예제</h2>

<h3 id="간단한_프레임">간단한 프레임</h3>

<p>An <code>&lt;iframe&gt;</code> in action. After creating the frame, when the user clicks a button, its title is displayed in an alert.</p>

<div id="htmlOutputWrapper">
<pre class="brush: html">&lt;iframe src="https://mdn-samples.mozilla.org/snippets/html/iframe-simple-contents.html"
            title="iframe Example 1" width="400" height="300"&gt;
&lt;/iframe&gt;</pre>
</div>

<h4 id="Result">Result</h4>

<p>{{ EmbedLiveSample('간단한_프레임', 640,400)}}</p>

<h3 id="프레임_안의_링크를_다른_탭에서_열기">프레임 안의 링크를 다른 탭에서 열기</h3>

<div>
<pre class="brush: html">&lt;iframe id="Example2"
    title="iframe Example 2"
    width="400" height="300"
    style="border:none"
    src="https://maps.google.com/maps?f=q&amp;source=s_q&amp;q=buenos+aires&amp;sll=37.0625,-95.677068&amp;sspn=38.638819,80.859375&amp;t=h&amp;hnear=Buenos+Aires,+Argentina&amp;z=11&amp;ll=-34.603723,-58.381593&amp;output=embed"&gt;
&lt;/iframe&gt;</pre>

<h4 id="결과">결과</h4>

<p>{{ EmbedLiveSample('프레임_안의_링크를_다른_탭에서_열기', 640, 400)}}</p>
</div>

<h2 id="Specifications" name="Specifications">명세</h2>

<table class="standard-table">
 <thead>
  <tr>
   <th scope="col">명세</th>
   <th scope="col">상태</th>
   <th scope="col">주석</th>
  </tr>
 </thead>
 <tbody>
  <tr>
   <td>{{SpecName('HTML WHATWG', 'the-iframe-element.html#the-iframe-element', '&lt;iframe&gt;')}}</td>
   <td>{{Spec2('HTML WHATWG')}}</td>
   <td></td>
  </tr>
  <tr>
   <td>{{SpecName('HTML5 W3C', 'embedded-content-0.html#the-iframe-element', '&lt;iframe&gt;')}}</td>
   <td>{{Spec2('HTML5 W3C')}}</td>
   <td></td>
  </tr>
  <tr>
   <td>{{SpecName('HTML4.01', 'present/frames.html#h-16.5', '&lt;iframe&gt;')}}</td>
   <td>{{Spec2('HTML4.01')}}</td>
   <td></td>
  </tr>
 </tbody>
</table>

<h2 id="Browser_compatibility" name="Browser_compatibility">브라우저 호환성</h2>



<p>{{Compat("html.elements.iframe", 3)}}</p>