What security headers does Gatsby Cloud use by default? #32364
-
|
I have a website that is currently deployed to Netlify, but for some reason YouTube embeds are only working some of the time. Out of curiosity, I tried deploying the site to Gatsby and low and behold the embeds work perfectly. Netlify (first video works, second doesn't): Gatsby (both videos work): After some research, I can only assume it's down to the security headers of the server. I've tried speaking to Netlify about this but we weren't able to solve the problem. I was wondering, what security headers does Gatsby Cloud use so that I can try to mimic this in Netlify? I would happily switch over to Gatsby Cloud but unfortunately the site takes advantage of certain Netlify features and it would be too big a job to try and port this over. Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
For anyone else that comes across this, I found a tool that lets you check the security headers on any website: https://www.serpworx.com/check-security-headers/ And it turns out the Gatsby site (vs. the Netlify site) didn't actually have any security headers set at all. I know it's not ideal, but I replicated this behaviour and it fixed the problem on my Netlify site. So ultimately I think Google is requiring specific headers to be set to embed YouTube videos, but I can't find any documentation of what those headers might be. |
Beta Was this translation helpful? Give feedback.
For anyone else that comes across this, I found a tool that lets you check the security headers on any website:
https://www.serpworx.com/check-security-headers/
And it turns out the Gatsby site (vs. the Netlify site) didn't actually have any security headers set at all. I know it's not ideal, but I replicated this behaviour and it fixed the problem on my Netlify site.
So ultimately I think Google is requiring specific headers to be set to embed YouTube videos, but I can't find any documentation of what those headers might be.