YouTube has a little known parameter that could be added to each embed code to enforce same origin security. As YouTube puts it: “including it protects against malicious third-party JavaScript being injected into your page and hijacking control of your YouTube player.” This plugin can now automatically enforce same origin with the click of a button.
We’ll embed the video below and preview the page without the plugin’s origin feature active and then with it. There are no differences in the appearance and operation of the YouTube player; however, you’ll see a slight but important difference in the embed code when the page source is shown. This will confirm that your embeds are protected from CSS type hijacks.