Embedding a page means including content from an external source directly into a web page. This allows you to display content like videos, maps, tweets, and more without requiring users to leave your site. There are a few main ways to embed content into a web page:
Using an iframe
An iframe or inline frame allows you to load external content into a designated section of your page. Here’s an example of iframe code:
<iframe src="https://example.com" width="600" height="400"></iframe>
This renders a box on your page displaying the content from the specified URL. The width and height attributes control the dimensions of the iframe. iframes are a simple way to embed content, but they come with some drawbacks:
- The embedded content stays isolated in the iframe – users can’t interact with it like normal page content
- Iframes don’t adapt responsively to different device sizes
- There are restrictions on iframing content from some external domains
Using embed codes
Many sites provide custom embed codes to display their content. For example, YouTube gives you a short code to paste into your page like this:
<iframe width="560" height="315" src="https://www.youtube.com/embed/1234567"></iframe>
This is similar to using a basic iframe, but the embed code is customized for that particular piece of content. The benefit of embed codes is that they handle all the technical details for you behind the scenes. The downside is that you are limited by the options provided by the external site.
Using oEmbeds
oEmbed is a standard that allows websites to publicly specify embeddable content via API endpoints. Many sites like YouTube, Flickr, and SlideShare support oEmbeds. To use oEmbeds on your page, you make a URL request and the API responds with the appropriate embed code to display that content.
For example, to embed a SlideShare presentation you could make this request:
https://www.slideshare.net/api/oembed/2?format=json&url=http://www.slideshare.net/jamietennant/the-battle-for-your-behavior
And get a response like this:
{
"type": "rich",
"version": "1.0",
"html": "<iframe src=\"//www.slideshare.net/slideshow/embed_code/key/hqDhSJoWkrHe7l\" width=\"427\" height=\"356\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> </iframe>",
"width": 427,
"height": 356
}
You could then extract the HTML from that response and include it in your page markup to embed the presentation. The benefit of oEmbeds is leveraging the standard to seamlessly embed content from any compliant site.
Using JavaScript APIs
Many platforms provide JavaScript APIs to programmatically work with their content. For example, Google Maps has a Maps JavaScript API that allows you to customize map embeds with extensive options. Here is sample code to embed a basic Google Map:
<script>
function initMap() {
var map = new google.maps.Map(document.getElementById('map'), {
center: {lat: -34.397, lng: 150.644},
zoom: 8
});
}
</script>
<div id="map"></div>
<script async defer src="https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap"></script>
The API initializes the map, handles rendering it in the page, and provides options for customization like setting the location and zoom level. The downside is that using JavaScript APIs takes more development work compared to basic embeds.
Using server-side integration
For some content like social media timelines, server-side integration may be the best option. This involves calling an API endpoint from your backend code to retrieve embed data that you dynamically inject into your pages.
For example, to display Facebook posts, you could make an API request server-side to graph.facebook.com and output the embed code in your HTML markup. This provides more flexibility than client-side approaches.
Factors to consider when embedding
There are several factors to evaluate when considering embedding content on your site:
- Performance: Embedded items increase page weight and can slow down load times, especially for mobile users on slower connections.
- responsive.: Embedded content may not adapt well to different device sizes and viewports unless specifically designed to be responsive.
- UX: Embedded content should fit naturally on the page and not detract from usability.
- Accessibility: Consider screen reader and keyboard accessibility for visually impaired users and those with disabilities.
- Optimization: Embed code should use relative image paths and be minified when possible.
- freshness: If embedding frequently updated content like social media, provide options to refresh or display new posts.
- Context: The embedded content should be relevant and add value for your readers.
- Legal: Ensure embedded content abides by copyright laws and attribute sources appropriately.
Testing across devices and connections speeds is important to ensure embedded content displays well for your audience. Following web development best practices helps make embeds fast, usable, and accessible.
Common examples of embedded content
Here are some common examples of content that can be embedded on web pages:
- YouTube, Vimeo, or other video clips
- Facebook, Instagram, Twitter posts and timelines
- Google Maps, Mapbox maps
- SlideShare, SpeakerDeck presentations
- CodePen, JSFiddle code demos
- Github Gists
- Spotify music players
- Polls, surveys, voting widgets
- RSS feeds
Essentially any external content with a structured format can be embedded, given an appropriate API or integration method exists. New types of embeddable content and capabilities continue to emerge over time as services adopt standards like oEmbed.
Tools for embedding content
There are a variety of tools available to help streamline the embedding process:
- EmbedButtons: Browser extension for quickly generating embed codes for sites like YouTube and Vimeo.
- Embedding API: Service that simplifies oEmbed integration using a proxy API.
- Superembed: WordPress plugin for searching and inserting various embed codes with a unified UI.
- Embedly: Paid service that optimizes embedding of content through caching, image conversion, and analytics.
- Reembed: Client-side JavaScript tool for dynamically embedding content based on URL patterns.
- PyEmbed: Python library for generating embed codes from URLs using oEmbed and other APIs.
These tools abstract away the technical details of working with different embed APIs and allow you to focus on content integration.
Best practices for embedded content
Here are some best practices to follow when embedding third-party content on web pages:
- Use semantically correct HTML elements like
<figure>and<figcaption>to identify embedded content. - Ensure embedded media is responsive using relative width/heights.
- Provide image fallbacks in embeds for legacy browser support.
- Lazy load non-critical embeds to optimize page speed.
- Minify embed code by removing unnecessary whitespace, comments, etc.
- Use HTTPS for embedded resources to avoid mixed content warnings.
- Cache embed code in a CDN to improve performance across pages.
- Size iframes explicitly so embedded content doesn’t shift page layout.
- Include title, alt text, and captions to aid accessibility.
- Avoid autoplaying videos or audio that may annoy users.
Following web development best practices for performance, responsiveness, accessibility, and UX goes a long way in creating great embedded content experiences.
Security considerations for embeds
There are some security risks to keep in mind when embedding third-party content:
- XSS (cross-site scripting): Sanitize untrusted data from embeds to avoid injecting JavaScript or HTML that could compromise security.
- Clickjacking: Use X-Frame-Options HTTP headers to prevent embedding pages in unauthorized contexts.
- Spectre/Meltdown: Limit CPU usage through iframe sandboxes to mitigate potential browser vulnerabilities.
- Third-party tracking: Embedded content may send analytic data to third-party servers unless configured to respect user privacy.
- Supply chain attacks: Vet and monitor embed partners to reduce risk of compromised resources injecting malware.
- Insecure APIs: Use oAuth when possible and avoid embedding content over plain HTTP.
Staying up-to-date on web security best practices can help mitigate risks when embedding third-party content on sites. Some key principles are:
- Only load resources from trusted sources over HTTPS
- Parse and sanitize any unsafe data passed into embeds
- Use sandboxed iframes to isolate external code
- Limit resource usage through iframe throttling
Troubleshooting embeds
Here are some common issues when embedding content and how to troubleshoot them:
- Blank embed: Check iframe source, ensure URL is valid, and site allows iframing.
- Embed not responsive: Explicitly set iframe width/height using relative units like percentage.
- Mixed content errors: Change embed src to HTTPS or use protocol relative URLs starting with //.
- Page layout shifting: Set fixed pixel sizes for iframes or use responsive containers.
- Errors in embed code: Validate markup using W3C validator and correct invalid HTML.
- Embedding disabled: Review whitelist requirements and restrictions from content provider.
- Slow page loads: Optimize embed code, use lazy loading, or load embeds after page render.
Monitoring network requests and debugging JavaScript errors can help identify issues loading embed code. For embedded media like YouTube videos, using the “debug” parameter can display helpful error messages.
Alternatives to embedding
In some cases, alternatives to embedding third-party content may be preferable:
- Linking out: Instead of embedding full content, link to the original source when possible.
- Content syndication: Replicate structured data like RSS feeds natively instead of embedded iframes.
- Media hosting: Self-host and serve videos, images, etc. from your own servers.
- Proxy servers: Route embedded content through your servers to gain more control.
- Templating: Use templates, components, and slots to natively include dynamic content.
- Packaged integrations: Rely on platform-specific embed features like Twitter cards.
The right balance depends on your specific use case. But alternatives provide more content ownership and flexibility in many cases.
The future of embedded content
There are several promising developments around embedded content:
- Web components: Custom elements for encapsulating widgets give more control over UI and behavior.
- Accelerated Mobile Pages (AMP): Google’s new framework optimizes embeds for speed and distribution.
- Lazysizes: New JavaScript library smoothly lazy loads responsive iframes and images.
- Object/iframe tags: Allow embedding additional types like PDFs natively in HTML.
- Variable fonts: Adaptive typography improves readability across embedded content types.
- Web Assembly: Near-native performance for CPU-intensive embed code right in the browser.
Standards like oEmbed combined with powerful new browser capabilities will continue advancing embedded content. The line between native and embedded code will only get blurrier over time thanks to innovations across the open web platform.
Conclusion
Embedded content powers much of the dynamic, interactive experiences we’ve come to expect on modern websites. Taking advantage of the various embed options in a performance-conscious way can enhance your pages with engaging multimedia and deep integrations. However, embedded content also introduces risks around security, optimization, and user experience. Following current best practices helps ensure your embeds provide value to visitors while avoiding the pitfalls. As embed technologies evolve, we’ll continue to see new opportunities to seamlessly incorporate the wealth of content across the web.