I included an iframe pointing to a youtube video on a website using https. Although I embedded the youtube video with "https://", the video loads http-files when I click on play, rendering the browser security icon "unsafe". How do I force youtube to only load https files?
My embed HTML:
<iframe id="ytplayer" type="text/html" width="480" height="360" src="//www.youtube.com/embed/-ZUrjLs48a8" frameBorder="0" allowfullscreen></iframe>
Add a origin parameter to your URL as explained from the Google api documentation:
YouTube Player API Reference for iframe Embeds
As an extra security measure, you should also include the origin parameter to the URL, specifying the URL scheme (http:// or https://) and full domain of your host page as the parameter value. While origin is optional, including it protects against malicious third-party JavaScript being injected into your page and hijacking control of your YouTube player.
<iframe id="player" type="text/html" width="640" height="390"
src="http://www.youtube.com/embed/u1zgFlCw8Aw?enablejsapi=1&origin=http://example.com"
frameborder="0"></iframe>