Google today announced of rolling out HTTPS, to YouTube other parts of the site, in addition to login process, which already uses HTTPS to encrypt sensitive data. "The first place you may see HTTPS YouTube URLs is in various embed codes, all of which currently support HTTPS in addition to the standard HTTP. Anyone can try HTTPS with YouTube embeds today--simply change the protocol portion of the URL from http to https. For e.g., http://www.youtube.com/embed/Zhawgd0REhA becomes https://www.youtube.com/embed/Zhawgd0REhA. This applies to URLs found in our newer
<iframe> embeds as well as our older-style
<object> + <embed> codes," explains Google.
"If any of your existing code attempts to parse YouTube embed URLs that're entered by end-users, it's important that you support both HTTP and HTTPS as the URL's protocol across all the varieties of YouTube embed codes.
Most web browsers will warn users when they access web pages via HTTPS that contain embedded content loaded via HTTP. If your main site is currently accessed via HTTPS, using new HTTPS URLs for your YouTube embeds will prevent your users from running into that warning," explains Google.
If your site can be accessed either via HTTP or HTTPS, you could employ protocol-relative URLs instead of hardcoding a value; //www.youtube.com/ will automatically resolve to HTTP or HTTPS depending on the protocol used by the host page.