l29utp0 2 years ago
parent 13bcc34d5d
commit 1b5b12ea0e
  1. 2
      configs/nginx/snippets/security_headers.conf
  2. 2
      configs/nginx/snippets/security_headers_nocache.conf
  3. 2
      gulp/res/js/embed.js

@ -1,5 +1,5 @@
add_header Cache-Control "public";
add_header Content-Security-Policy "default-src 'self'; media-src 'self' blob:; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://example.com/ wss://www.example.com/ wss://www.example.onion/ wss://example.onion/ wss://www.example.loki/ wss://example.loki/" always;
add_header Content-Security-Policy "default-src 'self'; media-src 'self' blob:; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube-nocookie.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://example.com/ wss://www.example.com/ wss://www.example.onion/ wss://example.onion/ wss://www.example.loki/ wss://example.loki/" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
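Review bot: The Content-Security-Policy on the youtube-nocookie.com line (taken to be the new side, since the page has lost its +/- markers) still omits `base-uri`, `form-action` and `frame-ancestors`, none of which fall back to `default-src`, so injected markup could still set a `<base>` or point a form off-site. Appending `base-uri 'self'; form-action 'self'; frame-ancestors 'self'` would close that, provided the site does not post forms to other origins; `frame-ancestors` is also the CSP equivalent of the X-Frame-Options header below it. `object-src 'self' blob:` could probably be `object-src 'none'` if no plugin content is served, which I cannot confirm from this page. The same policy line in security_headers_nocache.conf needs the identical change.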

@ -1,4 +1,4 @@
add_header Content-Security-Policy "default-src 'self'; media-src 'self' blob:; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://example.com/ wss://www.example.com/ wss://www.example.onion/ wss://example.onion/ wss://www.example.loki/ wss://example.loki/" always;
add_header Content-Security-Policy "default-src 'self'; media-src 'self' blob:; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube-nocookie.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://example.com/ wss://www.example.com/ wss://www.example.onion/ wss://example.onion/ wss://www.example.loki/ wss://example.loki/" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
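Review bot: This section repeats the long Content-Security-Policy string from security_headers.conf character for character, and the commit had to edit both copies by hand, so the two policies can drift apart on the next change. Keeping the `add_header Content-Security-Policy ...` line in one shared snippet and pulling it into both files with `include <path-to-shared-csp-snippet>;` (placeholder path) would leave a single place to update frame-src. nginx inherits add_header from an outer level only when the current level defines none, so the include should sit next to the other add_header lines rather than one level up.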

@ -13,7 +13,7 @@ if (!isCatalog) { //dont show embed buttons in catalog
const searchParams = urlObject.searchParams;
const videoId = searchParams.get('v') || (urlObject.hostname === 'youtu.be' ? urlObject.pathname.substring(1) : null);
if (videoId && videoId.length === 11) {
return `<iframe class="embed-video" src="https://www.youtube.com/embed/${encodeURIComponent(videoId)}" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" style="display:block;" allowfullscreen></iframe>`;
return `<iframe class="embed-video" src="https://www.youtube-nocookie.com/embed/${encodeURIComponent(videoId)}" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" style="display:block;" allowfullscreen></iframe>`;
}
} catch (e) { /*invalid url*/ }
return null;
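Review bot: The iframe on the youtube-nocookie.com return line still sends a Referer to the embed host, because the Referrer-Policy set in this commit's nginx snippets resolves to `strict-origin-when-cross-origin`, which passes the site origin on cross-origin loads. If the switch to the nocookie host is privacy-motivated (inferred, the page shows no commit message), adding `referrerpolicy="no-referrer"` to the iframe would keep the origin out of those requests. The guard above it checks only `videoId.length === 11`; `encodeURIComponent` keeps the value from breaking out of the attribute, but matching the ID alphabet with `/^[A-Za-z0-9_-]{11}$/.test(videoId)` would reject junk before it reaches the src. The enclosing function starts and ends outside the hunk.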
