try to embed video via javascript, like call request to https://noembed.com/embed?nowrap=on&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DrY-FJvRqK0E&_=1718791035622
you will get an error that noembed.com has not CORS configured:
Access to XMLHttpRequest at 'https://noembed.com/embed?nowrap=on&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DrY-FJvRqK0E&_=1718791035620' from origin 'https://yourdomain.com' has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.
Steps to reproduce:
https://noembed.com/embed?nowrap=on&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DrY-FJvRqK0E&_=1718791035622