diff --git a/index.js b/index.js
index 19de0f0..984b677 100644
--- a/index.js
+++ b/index.js
@@ -14,7 +14,8 @@ var defaultOptions = {
   debug: false,
   package: null,
   headingAnchorClass: 'anchor',
-  headingSvgClass: ['octicon', 'octicon-link']
+  headingSvgClass: ['octicon', 'octicon-link'],
+  allowDeprecatedYoutubeEmbeds: false
 }
 
 var marky = module.exports = function (markdown, options) {
diff --git a/lib/render.js b/lib/render.js
index 2ff03a3..07a2f1d 100644
--- a/lib/render.js
+++ b/lib/render.js
@@ -81,7 +81,6 @@ render.getParser = function (options) {
     .use(relaxedLinkRefs)
     .use(gravatar)
     .use(github, {package: options.package})
-    .use(youtube)
     .use(packagize, {package: options.package})
     .use(htmlHeading)
     .use(overrideLinkDestinationParser)
@@ -92,8 +91,11 @@ render.getParser = function (options) {
     parser.use(codeWrap)
           .use(fenceLanguageAliasing)
   }
+
   if (options.serveImagesWithCDN) parser.use(cdnImages, {package: options.package})
 
+  if (options.allowDeprecatedYoutubeEmbeds) parser.use(youtube)
+
   return githubLinkify(parser)
 }
 
diff --git a/lib/sanitize.js b/lib/sanitize.js
index d3587cc..dc7d74c 100644
--- a/lib/sanitize.js
+++ b/lib/sanitize.js
@@ -93,7 +93,9 @@ function getSanitizerConfig (options) {
 
       // Allow YouTube iframes
       if (frame.tag !== 'iframe') return false
-      return !String(frame.attribs.src).match(/^(https?:)?\/\/(www\.)?youtube\.com/)
+
+      var isYouTube = String(frame.attribs.src).match(/^(https?:)?\/\/(www\.)?youtube\.com/)
+      return !(isYouTube && options.allowDeprecatedYoutubeEmbeds)
     },
     transformTags: {
       'td': sanitizeCellStyle,
diff --git a/test/sanitize.js b/test/sanitize.js
index 21dc137..56b0007 100644
--- a/test/sanitize.js
+++ b/test/sanitize.js
@@ -58,10 +58,15 @@ describe('sanitize', function () {
     assert.equal($('s').text(), 'orange')
   })
 
-  it('disallows iframes from sources other than youtube', function () {
+  it('disallows all iframes by default', function () {
     var $ = cheerio.load(marky(fixtures.basic))
     assert(~fixtures.basic.indexOf('<iframe src="//www.youtube.com/embed/3I78ELjTzlQ'))
     assert(~fixtures.basic.indexOf('<iframe src="//malware.com'))
+    assert.equal($('iframe').length, 0)
+  })
+
+  it('allows iframes from youtube if `allowDeprecatedYoutubeEmbeds` is set to true', function () {
+    var $ = cheerio.load(marky(fixtures.basic, {allowDeprecatedYoutubeEmbeds: true}))
     assert.equal($('iframe').length, 2)
     assert.equal($('iframe').eq(0).attr('src'), '//www.youtube.com/embed/3I78ELjTzlQ')
     assert.equal($('iframe').eq(1).attr('src'), 'https://www.youtube.com/embed/DN4yLZB1vUQ')
diff --git a/test/youtube.js b/test/youtube.js
index 02c89fa..665a018 100644
--- a/test/youtube.js
+++ b/test/youtube.js
@@ -10,7 +10,7 @@ describe('youtube', function () {
   var iframes
 
   before(function () {
-    $ = cheerio.load(marky(fixtures.basic))
+    $ = cheerio.load(marky(fixtures.basic, {allowDeprecatedYoutubeEmbeds: true}))
     iframes = $('.youtube-video > iframe')
   })