I recently noticed that almost every YouTube video on my blog was displaying the same mysterious error message:
In all cases the HTML looked something like this:
<iframe style="max-width: 100%" width="560" height="315"
src="https://www.youtube.com/embed/FgxwCaL6UTA"
frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="allowfullscreen"> </iframe>

It turned out the solution may be to replace www.youtube.com/embed/ with www.youtube-nocookie.com/embed/:
<iframe style="max-width: 100%" width="560" height="315"
src="https://www.youtube-nocookie.com/embed/FgxwCaL6UTA"
frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="allowfullscreen"> </iframe>

This mostly fixed the problem, as demonstrated by this page.
(Weirdly on some refreshes of the page I get the same error. I'm not sure why that is.)
As explained over here, it turned out the reason I still saw some failures is that Django's SecurityMiddleware defaults to sending this header:
Referrer-Policy: same-origin
But YouTube's documentation explains that this header, which strips all Referer information on links to external sites, causes the error in YouTube.
The fix is to send this HTTP header instead:
Referrer-Policy: strict-origin-when-cross-origin
Or leave the Referrer-Policy off entirely.
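To make the difference between the two header values concrete, here is an added example (not code from the original post or from Django) that models which Referer value a browser attaches to the embed request under each policy. It covers only the policies discussed here plus `no-referrer`, treats a missing header as the browser default `strict-origin-when-cross-origin`, and uses `blog.example` as a placeholder for the embedding site. In Django the header value is controlled by the `SECURE_REFERRER_POLICY` setting.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) tuple used for same-origin comparison."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

def origin_only(url):
    """Origin serialised as a Referer value, e.g. https://blog.example/"""
    scheme, host, port = origin(url)
    if port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}/"
    return f"{scheme}://{host}:{port}/"

def full_referrer(url):
    """Page URL with fragment and credentials stripped."""
    p = urlsplit(url)
    netloc = p.hostname + (f":{p.port}" if p.port else "")
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{netloc}{p.path or '/'}{query}"

def referer_sent(policy, page_url, target_url):
    """Referer header the browser attaches to a request, or None if omitted."""
    if policy is None:  # no header: browsers fall back to the default policy
        policy = "strict-origin-when-cross-origin"
    same = origin(page_url) == origin(target_url)
    # Simplification: "downgrade" here means https page -> non-https target.
    downgrade = page_url.startswith("https:") and not target_url.startswith("https:")
    if policy == "no-referrer":
        return None
    if policy == "same-origin":
        return full_referrer(page_url) if same else None
    if policy == "strict-origin-when-cross-origin":
        if same:
            return full_referrer(page_url)
        return None if downgrade else origin_only(page_url)
    raise ValueError(f"policy not modelled: {policy}")

# Constructed sample: blog.example is a placeholder for the embedding site.
PAGE = "https://blog.example/2025/post/?draft=1#video"
EMBED = "https://www.youtube-nocookie.com/embed/FgxwCaL6UTA"

if __name__ == "__main__":
    for policy in ("same-origin", "strict-origin-when-cross-origin", None):
        print(policy, "->", referer_sent(policy, PAGE, EMBED))
```

With `same-origin` the embed request carries no Referer at all, while `strict-origin-when-cross-origin` sends only the site origin, without the path or query string of the embedding page.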
Created 2025-09-30T10:07:00-07:00, updated 2025-11-30T21:28:58-08:00