Table of Contents
YouTube
PO Token Guide
Proof of Origin (PO) token is a parameter that YouTube requires to be sent with video playback requests from some clients. Without it, requests for the affected clients' format URLs may return HTTP Error 403, or result in your account or IP address being blocked.
This token is generated by BotGuard (Web) / DroidGuard (Android) to attest the requests are coming from a genuine client. This guide will be assuming the use of a PO Token generated by BotGuard, for use with the web
client.
For PO Tokens generated by BotGuard, when logged out, the PO Token is bound to a Visitor ID. This Visitor ID is found in the
VISITOR_INFO1_LIVE
cookie, or in thevisitorData
value which is sent with Innertube API requests. When logged in, the PO Token is bound to the account Session ID (part of the Data Sync ID), rather than the Visitor ID.
Manually acquiring a PO Token from a browser for use when logged out
This process goes through manually obtaining a PO Token generated on YouTube in a web browser, and then manually passing that to yt-dlp via the po_token
extractor argument.
Steps:
- Open YouTube Music or YouTube Embedded (e.g. https://www.youtube.com/embed/aqz-KE-bpKQ) in a browser. Make sure you are not logged in to any account!
- Open any video
- Open the developer console (F12), then go to the "Network" tab and filter by
v1/player
- Click the video to play and a player request will appear in the network tab
- In the request payload JSON, find the PO Token at
serviceIntegrityDimensions.poToken
and save that value - Export cookies from the browser
- Pass the PO Token to yt-dlp using
--extractor-args "youtube:player-client=web,default;po_token=web+PO_TOKEN_VALUE_HERE"
with cookies (--cookies COOKIES_FILE
)
Addendum:
- You can also get the PO Token from any of the
videoplayback
URLs (it is thepot
query parameter). - You can also use
--cookies-from-browser
if that is pointed to the browser session with the same logged-out session you extracted the PO Token from.
Passing Visitor Data without cookies
In some cases, you may not want to use cookies and instead pass Visitor Data to use in Innertube API requests.
Warning
This method is not recommended for most cases. It requires skipping webpage requests so that the
VISITOR_INFO1_LIVE
cookie does not interfere. This results in more requests needing to be sent as well as less stable extraction.
You can do this with:
--extractor-args "youtube:player-client=web,default;player-skip=webpage,configs;po_token=web+PO_TOKEN_VALUE_HERE;visitor_data=VISITOR_DATA_VALUE_HERE"
Manually acquiring a PO Token from a browser for use when logged in
The process for obtaining a PO Token for use when yt-dlp is logged into an account is similar to the above. The PO Token obtained should work with either cookies or OAuth.
Steps:
- Open YouTube Music in a browser, and log in with the user you are using with yt-dlp
- Open any video
- Follow steps 3-5 above
- Pass the PO Token to yt-dlp using
--extractor-args "youtube:player-client=web;po_token=web+PO_TOKEN_VALUE_HERE"
with your method of auth (cookies or OAuth)
Note only the web
client is used above example (instead of web
and default
). When logged in, it is recommended to explicitly supply a PO token to all clients used to help avoid getting your account blocked.
- If you want to use another client such as
mweb
, you should appendmweb+PO_TOKEN_VALUE_HERE
to thepo_token
argument and appendmweb
to theplayer-client
argument.
If you are using cookies, see Exporting YouTube Cookies on how to export cookies without them being invalidated.
Other methods of acquiring a PO Token
Plugins
- yt-dlp-get-pot by coletdjnz
- A plugin framework for yt-dlp to support fetching PO Tokens from external providers
Exporting YouTube cookies
If you are unfamiliar with the basics of exporting cookies and passing them to yt-dlp, then first see How do I pass cookies to yt-dlp?
YouTube rotates cookies frequently on open YouTube browser tabs as a security measure. To export cookies that will remain working with yt-dlp, you will need to export cookies in such a way that they are never rotated.
One way to do this is through a private browsing/incognito window:
- Open a new private browsing/incognito window and log into YouTube
- Open a new tab and close the YouTube tab
- Export cookies from the browser then close the private browsing/incognito window so the session is never opened in the browser again.
Logging in with OAuth
Caution
Due to new restrictions enacted by YouTube, logging in with OAuth no longer works with yt-dlp. You should use cookies instead.