Beta website

YouTube CSP

I couldn’t find the Content Security Policy (CSP) requirements for YouTube videos posted anywhere so threw together my own after some trial and error.

The below requirements are for the cookieless embed version of YouTube hosted on www.youtube-nocookie.com. This version can be accessed by choosing the Enable privacy-enhanced mode when viewing the embed menu.

Required policies:

  1. frame-src: www.youtube-nocookie.com
  2. img-src: i.ytimg.com

frame-src is used to embed the actual video and the img-src is used for images that are loaded when the video is paused displaying other recommended videos.

Photo by Szabo Viktor on Unsplash.

This section of my site is just notes that don't require a full blog post. You can find all my full posts here.