ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. Microsoft introduced ActiveX in 1996. In principle, ActiveX is not dependent on Microsoft Windows operating systems, but in practice, most ActiveX controls only run on Windows. Most also require the client to be running on an x86-based computer because ActiveX controls contain compiled code.

ActiveX is still supported in the "Internet Explorer mode" of Microsoft Edge (which has a different, incompatible extension system, as it is based on Google's Chromium project).

ActiveX was one of the major technologies used in component-based software engineering. Compared with JavaBeans, ActiveX supports more programming languages, but JavaBeans supports more platforms. ActiveX is supported in many rapid application development technologies, such as Active Template Library, Delphi, JavaBeans, Microsoft Foundation Class Library, Qt, Visual Basic, Windows Forms and wxWidgets, to enable application developers to embed ActiveX controls into their products.

Many Microsoft Windows applications—including many of those from Microsoft itself, such as Internet Explorer, Microsoft Office, Microsoft Visual Studio, and Windows Media Player—use ActiveX controls to build their feature-set and also encapsulate their own functionality as ActiveX controls which can then be embedded into other applications. Internet Explorer also allows the embedding of ActiveX controls in web pages.

Faced with the complexity of OLE 2.0 and with poor support for COM in MFC, Microsoft simplified the specification and rebranded the technology as ActiveX in 1996. Even after simplification, users still required controls to implement about six core interfaces. In response to this complexity, Microsoft produced wizards, ATL base classes, macros and C++ language extensions to make it simpler to write controls.

Starting with Internet Explorer 3.0 (1996), Microsoft added support to host ActiveX controls within HTML content. If the browser encountered a page specifying an ActiveX control via an OBJECT tag (the OBJECT tag was added to the HTML 3.2 specification by Charlie Kindel, the Microsoft representative to the W3C at the time) it would automatically download and install the control with little or no user intervention. This made the web "richer" but provoked objections (since such controls, in practice, ran only on Windows, and separate controls were required for each supported platform: one for Windows 3.1/Windows NT 3.51, one for Windows NT/95, and one for Macintosh M68K/PowerPC.) and security risks (especially given the lack of user intervention). Microsoft subsequently introduced security measures to make browsing including ActiveX safer.

For example:

ActiveX was controversial from the start; while Microsoft claimed programming ease and good performance compared to Java applets in its marketing materials, critics of ActiveX were quick to point out security issues and lack of portability, making it impractical for use outside protected intranets. The ActiveX security model relied almost entirely on identifying trusted component developers using a code signing technology called Authenticode. Developers had to register with Verisign (US$20 per year for individuals, $400 for corporations) and sign a contract, promising not to develop malware. Identified code would then run inside the web browser with full permissions, meaning that any bug in the code was a potential security issue; this contrasts with the sandboxing already used in Java at the time.