When should you use iframe
The most common use of an iframe is to load content from another site within the page. The child site can load its own content and cookies, so sites may allow it where they don't allow direct hotlinking content. Using an iframe is the accepted way to embed a YouTube video or Google Maps content.
Should you avoid iframes
In addition to the negative impact on your site's overall appearance and the user experience, they also have a deadly impact on your traffic goals. In fact, even Google says, don't do it – straight from its developer site: “We recommend that you avoid the use of iFrames to display content.”
Is iframe good or bad practice
Iframes Bring Security Risks. If you create an iframe, your site becomes vulnerable to cross-site attacks. You may get a submittable malicious web form, phishing your users' personal data. A malicious user can run a plug-in.
Is iframe better than embed
As mentioned, we use iframe to embed an HTML document onto a page. Alternatively, embed is used to embed other types of content, including PDFs, browser plugins, and Flash animations. The embed element can also be used to place media, but iframe is better for this purpose.
What is a better alternative to iframe
As others have mentioned you can also use the embed tag and the object tag but that's not necessarily more advanced or newer than the iframe.
Why iframe is not recommended
By default, content from an iframe can trigger top-level navigation. So, an attacker might leverage cross-site scripting (XSS) vulnerability on a web application to insert phishing code as an iframe to lead the user into a phishing website. In the above code, there is a phishing site embedded using an iframe.
Why are iframes discouraged
Iframes Bring Security Risks. If you create an iframe, your site becomes vulnerable to cross-site attacks. You may get a submittable malicious web form, phishing your users' personal data. A malicious user can run a plug-in.
Why avoid iframes
iframe Injection
iframes use multiple tags to display HTML documents on web pages and redirect users to different web addresses. This behavior allows 3rd parties to inject malicious executables, viruses, or worms into your application and execute them in user's devices.
Is iframe going to be deprecated
Powerful, but easy to misuse
They were almost always a bad approach to design. Thankfully, the <frame> element has been deprecated in HTML5, but the <iframe> , or “inline frame” is still available.
