Transom Cloudflare
Add the COEP header
Section titled “Add the COEP header”In the Cloudflare dashboard, go to Rules → Transform Rules → Modify Response Header and create a rule:
| Setting | Value |
|---|---|
| Name | COEP for Video Scribe |
| When | All incoming requests (or filter to your hostname) |
| Then | Set Cross-Origin-Embedder-Policy = credentialless |
Do not add COOP here
Section titled “Do not add COOP here”Do not add Cross-Origin-Opener-Policy through Cloudflare. It would go on the front-end, which severs the cross-origin postMessage channel Craft’s Live Preview uses between the CP and the preview iframe on different subdomains.
The plugin’s PHP already sets COOP: same-origin on CP responses.
Third-party iframes
Section titled “Third-party iframes”If your templates embed YouTube or Vimeo, add credentialless to each <iframe>:
<iframe src="https://www.youtube-nocookie.com/embed/..." credentialless></iframe>See Server setup overview for the full explanation.