Textpattern CMS support forum

#1 Yesterday 12:28:04

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,337

Referrer-Policy and youtube

Just a heads up that YouTube embedded videos no longer load when we have Header always set Referrer-Policy "strict-origin-when-cross-origin" in our Security Headers. A way around it is to make an exception:

Header always set Referrer-Policy "strict-origin-when-cross-origin"
SetEnvIf Referer "https?://(www\.)?youtube\.com" is_youtube
Header set Referrer-Policy "same-origin" env=is_youtube

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.


#2 Today 06:31:25

phiw13
Plugin Author
From: South-Western Japan
Registered: 2004-02-27
Posts: 3,515

Re: Referrer-Policy and youtube

That is interesting. It is strange as the few YT videos we have embedded all display fine, with Referrer-Policy "strict-origin-when-cross-origin". All use the youtube-nocookie URL though, not sure if that matters.

Here is an example – does the video (solo by Bass player Bernard Santacruz) play on your side?

PS I really should add referrerpolicy='strict-origin-when-cross-origin' to the embed code to work around the “Error 153” I often see in feed readers

Last edited by phiw13 (Today 06:32:06)


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg


#3 Today 09:12:48

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,337

Re: Referrer-Policy and youtube

I forgot the error I got, but it was 17x I think. Searching for it revealed that YT wants to detect the referrer of the embedded video exactly; otherwise it does not load the embed.

After adding the directive above, all is working as intended.

I also use the no-cookie URL.

Your video loads just fine from here.



#4 Today 11:18:28

phiw13
Plugin Author
From: South-Western Japan
Registered: 2004-02-27
Posts: 3,515

Re: Referrer-Policy and youtube

Thanks. That needs keeping an eye on…

This afternoon I noticed that YT now adds referrerpolicy='strict-origin-when-cross-origin' to the suggested embed code for both youtube and youtube-nocookie URLs. That is fairly recent I think (haven’t had to add YT videos for a while).


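For reference on the policies named in this thread, here is an added example (not code from any poster or from Textpattern) that computes which Referer value a browser sends with an embed request under each Referrer-Policy value. The page URL and the VIDEO_ID placeholder are constructed, and "downgrade" is simplified to an https page requesting a non-https target.

```python
from urllib.parse import urlsplit

def _origin(u):
    return (u.scheme, u.hostname, u.port)

def _strip(u, origin_only=False):
    # A referrer never carries userinfo or fragment; origin-only also drops path and query.
    host = u.hostname if u.port is None else f"{u.hostname}:{u.port}"
    if origin_only:
        return f"{u.scheme}://{host}/"
    query = f"?{u.query}" if u.query else ""
    return f"{u.scheme}://{host}{u.path or '/'}{query}"

def referrer_for(policy, page_url, target_url):
    """Return the Referer value sent with the request, or None if it is omitted."""
    src, dst = urlsplit(page_url), urlsplit(target_url)
    same = _origin(src) == _origin(dst)
    # Simplification (assumption): downgrade = https page -> non-https target.
    downgrade = src.scheme == "https" and dst.scheme != "https"
    full, origin = _strip(src), _strip(src, origin_only=True)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return origin
    if policy == "same-origin":
        return full if same else None
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same else origin
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        return full if same else (None if downgrade else origin)
    raise ValueError(f"unknown policy: {policy}")

PAGE = "https://example.org/articles/video-post?id=7#player"  # constructed page URL
EMBED = "https://www.youtube-nocookie.com/embed/VIDEO_ID"     # placeholder video ID
POLICIES = ["no-referrer", "same-origin", "origin", "strict-origin",
            "origin-when-cross-origin", "strict-origin-when-cross-origin",
            "no-referrer-when-downgrade", "unsafe-url"]

def embed_report():
    # What the cross-origin embed request would carry under each policy.
    return {p: referrer_for(p, PAGE, EMBED) for p in POLICIES}

if __name__ == "__main__":
    for policy, ref in embed_report().items():
        print(f"{policy:33} -> {ref!r}")
```

The policy in effect for the iframe request is the embedding page's header unless the iframe's own referrerpolicy attribute overrides it.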