Purpose
An iframe allows a certain web page to load content from another source without forcing the user to navigate to that specific page.
In general, iframes should not be used as they create a strong dependency between websites over which the European institutions have no control.
In addition, an iframe could be exploited to inject potentially dangerous code.
Rule
Loading third-party content via HTML Inline Frame elements (<iframe>) on pages within ec.europa.eu is not allowed.
If required by a justified communication need, iframe content may be embedded provided that the iframe content:
- Is embedded with the Cookie consent kit;
- Comes from a whitelisted network;
- Is regularly monitored to ensure that content is still relevant.
Iframes can only be used to embed internal pages, specifically pages that run applications developed in the past that can't be easily replaced.
The page linked in the iframe should not have navigations or header repetition. If that's the case, you must use a hyperlink instead.
Guidelines
Sometimes external websites embed institutional content in their pages. This practice poses a reputational risk, as such websites might pretend that the EU institutions endorse or support their views.
To tackle this problem, modern browsers support the X-FRAME-OPTIONS HTTP header, which prevents the page served to be used in an iframe (if set to DENY), or can allow embedding only from the same domain (if set to SAMEORIGIN).
You are advised to specify this header and set it to SAMEORIGIN on every page. Ask your local IT point of contact for more support.
Contact and support
Need further assistance on this topic? Please contact the team in charge of Europa Domain Management (EU Login required).