CSP Error for Frames

I was following a tutorial to embed YouTube videos: HTML YouTube Videos.

I copied their example here: https://cuttingedgediscoveries.com/youtube.html. And my browser’s throwing an error message:

Refused to frame 'https://www.youtube.com/' because it violates the following Content Security Policy directive: "child-src 'self'". Note that 'frame-src' was not explicitly set, so 'child-src' is used as a fallback.

The code seems to work when I run it on W3Schools’ sandbox: W3Schools Tryit Editor.

Could Hestia be doing anything to cause this?

(I’m just trying to narrow down possible causes.)