iframe tag is parsed by the user’s browser.
WordPress users often come across iframes when they are trying to embed something from an external source into their WordPress site. The most common example of an iframe embed code is the YouTube video embed code which looks like this:
<iframe width="420" height="315" src="//www.youtube.com/embed/qzOOy1tWBCg?rel=0" frameborder="0" allowfullscreen></iframe>
In the above example, the iframe tag loads YouTube’s video player with the video ID provided in the code. It has other parameters defined as well, such as height, width, frameborder, etc. These parameters will be used by the script which loads YouTube video player.
Many other third party websites may provide users with an iframe embed code to insert certain elements on their websites. Most commonly web analytics service providers, social media websites, and video sharing sites offer users embed code in iframe format.
Caution: Users are advised to be cautious when they are asked to embed iframe code into their website. You should only embed an iframe code into your website if it is from a reliable source, and you are certain about the identity of the website. Sometimes hackers may also leave iframe code in a WordPress site as a backdoor. This code loads itself in an iframe and provides hackers remote access to a hacked WordPress site.