YouTube Embed Privacy: What youtube-nocookie.com Actually Does
Steven | TrustYourWebsite · 6 April 2026
"Just use youtube-nocookie.com" is the advice you will find on dozens of GDPR guides. But what does it actually do? Does it live up to its name? And is it enough for compliance?
This article gives you the technical reality rather than the marketing claim.
The Name Is Misleading
"youtube-nocookie.com" does not mean no cookies. It means cookies are not placed before the visitor plays the video. When someone clicks play, cookies are placed exactly as they would be with a standard youtube.com embed.
YouTube's own documentation calls this "privacy-enhanced mode" — a more accurate description.
What Happens With Each Embed Type
Standard youtube.com embed
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
On page load (immediately):
- Browser connects to www.youtube.com
- YouTube sets cookies: VISITOR_INFO1_LIVE, YSC, GPS
- Visitor's IP address is sent to Google
- Tracking begins before any interaction
When visitor clicks play:
- Additional tracking data is sent
- View history is recorded to the visitor's profile (if logged into Google)
youtube-nocookie.com embed
<iframe src="https://www.youtube-nocookie.com/embed/VIDEO_ID"></iframe>
On page load:
- Browser connects to www.youtube-nocookie.com (a different endpoint)
- No tracking cookies are placed
- The visitor's IP address is still sent to Google's server (to load the video player interface)
- No VISITOR_INFO1_LIVE, YSC, or GPS cookies
When visitor clicks play:
- YouTube sets cookies: VISITOR_INFO1_LIVE, YSC, GPS (same as standard embed)
- Viewing data is sent to Google
- Behaviour is tracked as normal from this point forward
The Thumbnail Problem
Even with youtube-nocookie.com, standard implementations load the video thumbnail from YouTube's servers:
<!-- Thumbnail URL format -->
<img src="https://i.ytimg.com/vi/VIDEO_ID/hqdefault.jpg">
Loading this image sends the visitor's IP address to i.ytimg.com (a Google-owned domain) before any interaction with the video. For maximum privacy, download and host thumbnails yourself.
Technical Analysis: What Gets Sent on Page Load
To test what happens on page load, open developer tools (F12 → Network tab) before loading a page with each embed type.
Standard youtube.com embed (before clicking play):
- Requests to: www.youtube.com, static.doubleclick.net, www.google.com
- Cookies set: VISITOR_INFO1_LIVE, YSC, GPS, NID, CONSENT
youtube-nocookie.com embed (before clicking play):
- Requests to: www.youtube-nocookie.com, i.ytimg.com (thumbnail)
- Cookies set: None (or only functional, non-tracking cookies)
The difference is significant — but not absolute. Some data (IP address, User-Agent) is still sent to Google to load the player interface, even without cookies.
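The manual Network-tab check above can be complemented by a static audit of page HTML. The script below is an added example, not part of the original article; the host table encodes only the hosts and cookie behaviour this article reports, and the sample pages and the `/img/video-poster.jpg` path are constructed.

```javascript
// Static audit: which YouTube resources does a page's HTML fetch on load?
// The host table encodes only what the article reports; it is not a complete list.
const ON_LOAD_HOSTS = {
  'youtube.com': { kind: 'standard embed', cookiesOnLoad: true },
  'youtube-nocookie.com': { kind: 'privacy-enhanced embed', cookiesOnLoad: false },
  'i.ytimg.com': { kind: 'YouTube-hosted thumbnail', cookiesOnLoad: false },
};

// Matches <iframe>/<img> with a real src attribute. The \s before "src" keeps
// data-src (used by click-to-load placeholders) from matching.
const SRC_TAG = /<(iframe|img)\b[^>]*?\ssrc\s*=\s*["']([^"']+)["']/gi;

function auditEmbeds(html) {
  const findings = [];
  for (const [, tag, src] of html.matchAll(SRC_TAG)) {
    let host;
    try {
      // The base URL lets relative (self-hosted) paths parse; they resolve to a non-Google host.
      host = new URL(src, 'https://self.invalid/').hostname.toLowerCase().replace(/^www\./, '');
    } catch {
      continue; // unparsable src: nothing to classify
    }
    const known = ON_LOAD_HOSTS[host];
    if (known) findings.push({ tag: tag.toLowerCase(), host, ...known });
  }
  return findings;
}

// Collapse findings into the "on load" columns of the comparison table.
function summarize(findings) {
  return {
    cookiesOnLoad: findings.some((f) => f.cookiesOnLoad),
    dataToGoogleOnLoad: findings.length > 0,
  };
}

// Constructed sample pages (VIDEO_ID is the article's placeholder).
const SAMPLE_STANDARD = '<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>';
const SAMPLE_NOCOOKIE =
  '<img src="https://i.ytimg.com/vi/VIDEO_ID/hqdefault.jpg">\n' +
  '<iframe src="https://www.youtube-nocookie.com/embed/VIDEO_ID"></iframe>';
const SAMPLE_CLICK_TO_LOAD =
  '<button data-video-id="VIDEO_ID"><img src="/img/video-poster.jpg" alt=""></button>';

for (const page of [SAMPLE_STANDARD, SAMPLE_NOCOOKIE, SAMPLE_CLICK_TO_LOAD]) {
  console.log(summarize(auditEmbeds(page)));
}
```

The audit only sees markup present in the HTML source; embeds injected by scripts at runtime still need the Network-tab check.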
The Myth of "No Data Transfer"
Some resources claim youtube-nocookie.com means "no data is sent to Google." This is incorrect. To load the video player — even without cookies — the browser makes HTTP requests to Google's servers. These requests include:
- Your visitor's IP address (in the HTTP request headers)
- Browser User-Agent string
- The referring page URL
Google receives these even in nocookie mode. They just do not set persistent tracking cookies in the visitor's browser on page load.
Whether IP address transfer without cookie placement is sufficient to satisfy GDPR depends on:
- Whether the IP address transfer constitutes personal data processing (yes, per GDPR Article 4(1))
- Whether there is a valid legal basis for this processing (GDPR Article 6)
- Whether the transfer is to a third country (Google's servers may be in the US — covered by the EU-US Data Privacy Framework since July 2023)
Strictly interpreted, even the IP transfer to Google requires either consent or a legitimate interest assessment. But in practice, most GDPR practitioners treat youtube-nocookie.com as a reasonable pragmatic approach for non-essential videos.
When youtube-nocookie.com Is Sufficient
In practice, youtube-nocookie.com is widely accepted as a compliant approach for embedding videos when:
- You use it in combination with a note in your privacy policy that YouTube is used and that clicking play sends data to Google
- Your cookie banner (if you have one for other reasons) handles the case where the visitor plays a video
- The video is supplementary content — not the primary service your website provides
It is less defensible when:
- Video playback is core to your service (video platform, training site)
- You serve audiences who have explicitly opted out of Google tracking
- You want zero data transfer to Google before any user action
Comparison: All YouTube Embedding Approaches
| Approach | Cookies on load | Data to Google on load | Cookies on play |
|---|---|---|---|
| Standard youtube.com | Yes | Yes | Yes |
| youtube-nocookie.com | No | Yes (IP only) | Yes |
| Click-to-load + youtube-nocookie.com | No | No (until click) | Yes (after click) |
| Click-to-load + self-hosted thumbnail | No | No (until click) | Yes (after click) |
| No YouTube embed (link instead) | No | No | No |
For the implementation of click-to-load with copy-paste code, see our YouTube embed GDPR guide.
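A minimal sketch of the "click-to-load + self-hosted thumbnail" row, added here as an example and not the code from the guide referenced above. The placeholder markup, the `data-video-id` and `data-title` attributes, the poster path and the 11-character ID pattern are assumptions of this example.

```javascript
// Expected placeholder markup (thumbnail is served from your own host):
//   <button data-video-id="VIDEO_ID" data-title="Product demo">
//     <img src="/img/video-poster.jpg" alt="Play video">
//   </button>

// Assumption: video IDs are 11 characters of [A-Za-z0-9_-]. Validating the ID
// keeps attribute contents from being spliced into the iframe URL.
const VIDEO_ID_RE = /^[A-Za-z0-9_-]{11}$/;

function nocookieSrc(videoId) {
  if (!VIDEO_ID_RE.test(videoId)) throw new Error('invalid video id');
  // autoplay=1 so the click that loads the player also starts playback.
  return `https://www.youtube-nocookie.com/embed/${videoId}?autoplay=1`;
}

// Swap the placeholder for the real player. No request reaches Google before this runs.
function activate(placeholder, doc) {
  const iframe = doc.createElement('iframe');
  iframe.src = nocookieSrc(placeholder.dataset.videoId);
  iframe.title = placeholder.dataset.title || 'YouTube video';
  iframe.allow = 'autoplay; encrypted-media; picture-in-picture';
  iframe.allowFullscreen = true;
  // Cross-origin requests carry only the site origin, not the full page URL.
  iframe.referrerPolicy = 'strict-origin-when-cross-origin';
  placeholder.replaceWith(iframe);
  return iframe;
}

// Wire up every placeholder when running in a browser.
if (typeof document !== 'undefined') {
  document.querySelectorAll('button[data-video-id]').forEach((btn) => {
    btn.addEventListener('click', () => activate(btn, document), { once: true });
  });
}
```

Cookies are still set once the player loads and plays, as the table's last column shows, so the privacy policy note remains necessary.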
Practical Recommendation
For most Dutch business websites:
- Replace standard youtube.com embeds with youtube-nocookie.com — this is a quick win that eliminates cookies on page load
- Add a privacy policy note about YouTube being used for video content
- Consider click-to-load if you want maximum compliance or are building a consent-first website
If your website already has a compliant cookie banner that blocks tracking until consent, you can load standard YouTube embeds after the visitor consents to marketing/social cookies — but youtube-nocookie.com is still better practice in case the visitor rejects.
This article is technical analysis, not legal advice. Consult a lawyer for advice specific to your situation.