Sandboxing third-party widget/applications To prevent malicious developers from stealing identity cookies, Facebook requires third party application to be hosted in IFrames (unless you're using FBML). More info here: http://www.ccheever.com/blog/?p=10
Display banners Most ad networks offer publisher a one line iframe code for developers to drop into their website.
Comet (bidirectional channel between browser and web server) Applications like Gmail Chat, Facebook Chat, Etherpad, and Quora utilizes comet to allow servers to stream data and commands back to the browser without a page refresh. Hidden IFrames is one of the ways used to enable this. en.wikipedia.org/wiki/Comet_(programming)#Hidden_IFrame
Atul Sharma
Full Stack Developer | Cloud Native Applications
Nowadays, they are used in the following ways:
Cross domain communication Facebook Connect, for example, allows websites to query Facebook through the use of hidden IFrames. msdn.microsoft.com/en-us/architecture/bb735305.as…
Comet (bidirectional channel between browser and web server) Applications like Gmail Chat, Facebook Chat, Etherpad, and Quora utilizes comet to allow servers to stream data and commands back to the browser without a page refresh. Hidden IFrames is one of the ways used to enable this. en.wikipedia.org/wiki/Comet_(programming)#Hidden_IFrame
Original Answer : quora.com/Why-do-developers-still-use-iframes