Don't forget about http non-ssl
Please add https AND http to your frame-ancestors content-security-policy header.
Anonymous shared this idea
Twitch embeds can only be embedded on HTTPS sites. The only exception to this rule is when the parent value is set to `localhost` or an IP address in the `127.0.0.1/8` range, in which case we assume HTTP and port 80.