References

Beginner-friendly references for web development, with live, editable examples.

The HTML type attribute

Attribute All modern browsers Updated
Quick answer

The HTML type attribute specifies the MIME type of the resource the object embeds. It is used on the <object> element.

Overview

The type attribute sets the MIME type of an embedded object. It is used on the <iframe>, <object> and <embed> elements.

It configures embedded content — what is embedded, what capabilities it is granted, and how it is sandboxed. With third-party content, these attributes are your main security controls.

Syntax

<object type="application/pdf" data="doc.pdf"></object>

Values

Value
A MIME type, e.g. application/pdf.

Best practices

  • Give every <iframe> a descriptive title.
  • Sandbox untrusted content with sandbox, and avoid combining allow-scripts with allow-same-origin for untrusted sources.
  • Grant only the features a frame needs with the allow attribute.
  • Defer off-screen frames with loading="lazy".

Frequently asked questions

What does the type attribute do?
Sets the MIME type of an embedded object.
How do I make an iframe secure?
Restrict untrusted content with sandbox, grant minimal features with allow, and never pair allow-scripts with allow-same-origin for untrusted sources.
How do I embed inline HTML in an iframe?
Use the srcdoc attribute to supply the HTML directly instead of a src URL.
Which elements use the type attribute?
It is an element-specific attribute, used on the <iframe>, <object> and <embed> elements.