---
url: 'https://www.corbado.com/faq/browsers-support-passkey-third-party-iframe'
title: 'Which browsers support passkey creation in 3rd-party iframe?'
description: 'Learn which browsers support creating passkeys within third-party iframes, including current limitations and future expectations for WebAuthn Level 3.'
lang: 'en'
keywords: 'third-party iframe'
---

# Which browsers support passkey creation in 3rd-party iframe?

## Which browsers currently support the creation of passkeys in a third-party iframe context?

As of now, browser support for creating passkeys within third-party (cross-origin)
[iframes](https://www.corbado.com/blog/iframe-passkeys-webauthn) is evolving rapidly, particularly influenced by
the [WebAuthn Level 3](https://www.corbado.com/blog/passkeys-prf-webauthn) specification. Here's the current
state of support:

## Browsers Supporting Passkey Creation in Third-Party Iframes

- **Chrome:** Fully supports [passkey creation](https://www.corbado.com/blog/passkey-creation-best-practices) in
  [cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn) [iframes](https://www.corbado.com/blog/iframe-passkeys-webauthn)
  as of Chrome version 123, complying with the
  [WebAuthn Level 3](https://www.corbado.com/blog/passkeys-prf-webauthn) specification.
- **Firefox:** Fully supports [passkey creation](https://www.corbado.com/blog/passkey-creation-best-practices) in
  [cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn)
  [iframes](https://www.corbado.com/blog/iframe-passkeys-webauthn), aligning with
  [WebAuthn Level 3](https://www.corbado.com/blog/passkeys-prf-webauthn).

## Browsers with Limited or No Support

**Safari:** Currently **does not support** creating passkeys within third-party iframes.
Safari allows only authentication (login) via passkeys in
[cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn) iframes, but not registration or creation.
This limitation is part of Safari's broader restrictions related to cross-origin security.
In a [payment](https://www.corbado.com/passkeys-for-payment) context, one of the reason for this limitation is
that Apple wants to protect its [Apple Pay](https://www.corbado.com/blog/how-to-use-apple-pay) experience and
make it stand out against other providers.

## Recommendation

- Always verify browser compatibility before implementing a
  [cross-origin iframe](https://www.corbado.com/faq/cross-origin-iframe-passkey-challenges) passkey flow in
  production environments.
- Provide alternative authentication flows (e.g., redirect-based or pop-up-based) to
  handle browsers with limited support, ensuring consistent user experiences.

For the most accurate and up-to-date compatibility, always check official browser
documentation and release notes.

## Read the full article