How to Fix YouTube Error 153 in WordPress (Cloudflare Security Headers)

If you’ve embedded a YouTube video in WordPress and you’re seeing Error 153 — Video Player Configuration Error, this guide will fix it in under a minute.

⚠️ Confirmed fix — May 2026

What is YouTube Error 153?

Error 153 appears when YouTube’s embedded player can’t verify where the embed request is coming from. YouTube requires a valid referrer header to serve its embedded player — if the referrer is missing or blocked, it returns Error 153 instead of playing the video.

This is increasingly common on WordPress sites because several popular security configurations block or strip the referrer header as a privacy measure.

What Causes It on WordPress?

The most common cause in 2026 is Cloudflare’s “Add Security Headers” managed transform, which is available under Cloudflare → Rules → Settings → Managed Transforms.

When enabled, this feature adds several HTTP security headers to your site including a strict Referrer-Policy header. This header tells browsers not to send referrer information when navigating between sites — which is great for privacy, but it breaks YouTube’s embedded player authentication.

Other possible causes include:

• A custom Referrer-Policy: no-referrer header set in your hosting control panel
• A WordPress security plugin adding strict referrer policy headers
• Custom .htaccess rules blocking referrer headers

The Fix — Cloudflare (30 seconds)

If you’re using Cloudflare:

1. Log into your Cloudflare dashboard
2. Select your domain
3. Go to Rules → Settings
4. Click Managed Transforms
5. Find “Add security headers” and toggle it OFF
6. Save

That’s it. Refresh your page and the YouTube embed will load correctly:

Why This Works

Disabling the security headers managed transform stops Cloudflare from adding the strict Referrer-Policy header to your responses. Without that header, browsers use their default referrer policy (strict-origin-when-cross-origin) which sends enough referrer information for YouTube to authenticate the embed request.

Alternative Fix — WordPress functions.php

If you want to keep Cloudflare’s security headers but fix the referrer policy specifically, add this to your child theme’s functions.php:

php

// Fix YouTube Error 153 - set correct referrer policy
function referrer_policy_header() {
    header('Referrer-Policy: strict-origin-when-cross-origin');
}
add_action('send_headers', 'referrer_policy_header');

This explicitly sets the referrer policy to strict-origin-when-cross-origin which satisfies YouTube’s requirements while still providing reasonable privacy protection.

Other Causes and Fixes

If you’re not using Cloudflare, check these:

• Your hosting control panel — look for security headers settings and check if a Referrer-Policy: no-referrer header is being set
• WordPress security plugins — Wordfence, iThemes Security and similar plugins can add referrer policy headers. Check their settings for anything referrer-related
• .htaccess — search your .htaccess file for Referrer-Policy and remove or modify any strict referrer rules

Frequently Asked Questions

About The Author

Andrew Armstrong

Andrew Armstrong is a UK-based IT professional with 26+ years of hands-on experience in Windows, Windows Server, SCCM/ConfigMgr, Active Directory, PowerShell, and enterprise infrastructure. He founded TechyGeeksHome in 2010 and has published over 1,500 practical guides covering real-world IT problems and solutions. When not solving IT problems, Andrew develops free Windows utilities including Ultimate Settings Panel, which has been downloaded over 850,000 times.

See author's posts