diff --git src/wp-includes/embed-functions.php src/wp-includes/embed-functions.php
index 360399e..b2ea7b9 100644
--- src/wp-includes/embed-functions.php
+++ src/wp-includes/embed-functions.php
@@ -461,7 +461,7 @@ function get_post_embed_html( $post = null, $width, $height ) {
 
 	$embed_url = get_post_embed_url( $post );
 
-	$output = '<blockquote><a href="' . get_permalink( $post ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
+	$output = '<blockquote class="wp-embedded-content"><a href="' . esc_url( get_permalink( $post ) ) . '">' . get_the_title( $post ) . "</a></blockquote>\n";
 
 	$output .= "<script type='text/javascript'>\n";
 	$output .= "<!--//--><![CDATA[//><!--\n";
@@ -755,7 +755,7 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 
 	$allowed_html = array(
 		'a'          => array(
-			        'href' => true,
+			'href'         => true,
 		),
 		'blockquote' => array(),
 		'iframe'     => array(
@@ -767,7 +767,6 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 			'marginheight' => true,
 			'scrolling'    => true,
 			'title'        => true,
-			'class'        => true,
 		),
 	);
 
@@ -783,22 +782,10 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 	if ( ! empty( $content[1] ) ) {
 		// We have a blockquote to fall back on. Hide the iframe by default.
 		$html = str_replace( '<iframe', '<iframe style="display:none;"', $html );
+		$html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html );
 	}
 
-	$html = str_replace( '<iframe', '<iframe sandbox="allow-scripts" security="restricted"', $html );
-
-	preg_match( '/ src=[\'"]([^\'"]*)[\'"]/', $html, $results );
-
-	if ( ! empty( $results ) ) {
-		$secret = wp_generate_password( 10, false );
-
-		$url = esc_url( "{$results[1]}#?secret=$secret" );
-
-		$html = str_replace( $results[0], " src=\"$url\" data-secret=\"$secret\"", $html );
-		$html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html );
-	}
-
-	return $html;
+	return str_replace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
 }
 
 /**
diff --git src/wp-includes/js/wp-embed-template.js src/wp-includes/js/wp-embed-template.js
index 847ebcf..819ef0c 100644
--- src/wp-includes/js/wp-embed-template.js
+++ src/wp-includes/js/wp-embed-template.js
@@ -1,8 +1,7 @@
 (function ( window, document ) {
 	'use strict';
 
-	var secret = window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' ),
-		resizing;
+	var secret, secretTimeout, resizing;
 
 	function sendEmbedMessage( message, value ) {
 		window.parent.postMessage( {
@@ -159,4 +158,23 @@
 	}
 
 	window.addEventListener( 'resize', onResize, false );
+
+	/**
+	 * Re-get the secret when it was added later on.
+	 */
+	function getSecret() {
+		if ( window.self === window.top || !!secret ) {
+			return;
+		}
+
+		secret = window.location.hash.replace( /.*secret=([\d\w]{10}).*/, '$1' );
+
+		clearTimeout( secretTimeout );
+
+		secretTimeout = setTimeout( function () {
+			getSecret();
+		}, 100 );
+	}
+
+	getSecret();
 })( window, document );
diff --git src/wp-includes/js/wp-embed.js src/wp-includes/js/wp-embed.js
index 3829d0d..81f91d0 100644
--- src/wp-includes/js/wp-embed.js
+++ src/wp-includes/js/wp-embed.js
@@ -13,19 +13,12 @@
 			return;
 		}
 
-		var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
-			blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
+		var iframes = document.querySelectorAll( '.wp-embedded-content[data-secret="' + data.secret + '"]' ),
 			i, source, height, sourceURL, targetURL;
 
-		for ( i = 0; i < blockquotes.length; i++ ) {
-			blockquotes[ i ].style.display = 'none';
-		}
-
 		for ( i = 0; i < iframes.length; i++ ) {
 			source = iframes[ i ];
 
-			source.style.display = '';
-
 			/* Resize the iframe on request. */
 			if ( 'height' === data.message ) {
 				height = data.value;
@@ -58,18 +51,31 @@
 
 	function onLoad() {
 		var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ),
-			isIE11 = !!navigator.userAgent.match( /Trident.*rv\:11\./ ),
-			iframes, iframeClone, i;
+			isIE11 = !!navigator.userAgent.match( /Trident.*rv:11\./ ),
+			iframes = document.querySelectorAll( 'iframe.wp-embedded-content' ),
+			blockquotes = document.querySelectorAll( 'blockquote.wp-embedded-content' ),
+			iframeClone, i, source, secret;
 
-		/* Remove security attribute from iframes in IE10 and IE11. */
-		if ( isIE10 || isIE11 ) {
-			iframes = document.querySelectorAll( '.wp-embedded-content[security]' );
+		for ( i = 0; i < blockquotes.length; i++ ) {
+			blockquotes[ i ].style.display = 'none';
+		}
+
+		for ( i = 0; i < iframes.length; i++ ) {
+			source = iframes[ i ];
+			source.style.display = '';
+
+			if ( ! source.getAttribute( 'data-secret' ) ) {
+				/* Add secret to iframe */
+				secret = Math.random().toString( 36 ).substr( 2, 10 );
+				source.src += '#?secret=' + secret;
+				source.setAttribute( 'data-secret', secret );
+			}
 
-			for ( i = 0; i < iframes.length; i++ ) {
-				iframeClone = iframes[ i ].cloneNode( true );
+			/* Remove security attribute from iframes in IE10 and IE11. */
+			if ( ( isIE10 || isIE11 ) && !!source.getAttribute( 'security' ) ) {
+				iframeClone = source.cloneNode( true );
 				iframeClone.removeAttribute( 'security' );
-				iframes[ i ].parentNode.insertBefore( iframeClone, iframes[ i ].nextSibling );
-				iframes[ i ].parentNode.removeChild( iframes[ i ] );
+				source.parentNode.replaceChild( iframeClone, source );
 			}
 		}
 	}
diff --git tests/phpunit/tests/oembed/filterResult.php tests/phpunit/tests/oembed/filterResult.php
index 7559f62..56819b1 100644
--- tests/phpunit/tests/oembed/filterResult.php
+++ tests/phpunit/tests/oembed/filterResult.php
@@ -16,19 +16,14 @@ class Tests_Filter_oEmbed_Result extends WP_UnitTestCase {
 		$html   = '<p></p><iframe onload="alert(1)" src="http://example.com/sample-page/"></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'http://example.com/sample-page/' );
 
-		$matches = array();
-		preg_match( '|src=".*#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
-
-		$this->assertTrue( isset( $matches[1] ) );
-		$this->assertTrue( isset( $matches[2] ) );
-		$this->assertEquals( $matches[1], $matches[2] );
+		$this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" src="http://example.com/sample-page/"></iframe>', $actual );
 	}
 
 	function test_filter_oembed_result_only_one_iframe_is_allowed() {
 		$html   = '<div><iframe></iframe><iframe></iframe><p></p></div>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertEquals( '<iframe sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+		$this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
 	}
 
 	function test_filter_oembed_result_with_newlines() {
@@ -41,7 +36,7 @@ EOD;
 
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertEquals( '<iframe sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+		$this->assertEquals( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
 	}
 
 	function test_filter_oembed_result_without_iframe() {
@@ -56,18 +51,6 @@ EOD;
 		$this->assertFalse( $actual );
 	}
 
-	function test_filter_oembed_result_secret_param_available() {
-		$html   = '<iframe src="https://wordpress.org"></iframe>';
-		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
-
-		$matches = array();
-		preg_match( '|src="https://wordpress.org#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
-
-		$this->assertTrue( isset( $matches[1] ) );
-		$this->assertTrue( isset( $matches[2] ) );
-		$this->assertEquals( $matches[1], $matches[2] );
-	}
-
 	function test_filter_oembed_result_wrong_type_provided() {
 		$actual = wp_filter_oembed_result( 'some string', (object) array( 'type' => 'link' ), '' );
 
@@ -83,13 +66,13 @@ EOD;
 		$html   = '<blockquote></blockquote><iframe></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertEquals( '<blockquote></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+		$this->assertEquals( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
 	}
 
 	function test_filter_oembed_result_allowed_html() {
-		$html   = '<blockquote><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
+		$html   = '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe src="someurl" class="test"></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertEquals( '<blockquote><a href=""></a></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+		$this->assertEquals( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="display:none;" src="someurl"></iframe>', $actual );
 	}
 }