The embeds also fail if you're using an addon like Smart Referer to (try to) your preserve privacy.
I'll try to file an issue and get itch.io & it's CDN properly added to the default whitelist.
@leafo, could you link me to an example of a legally/properly externally embeded itch.io game?
Also, can v6p9d9t4.ssl.hwcdn.net be safely harcoded? (or will a more generic exception be needed like *.ssl.hwcdn.net ?)
Meanwhile, to any other users like me, adding this exception did the trick:
Source | Destination |
*.itch.io | * |