@clarity Thank you for your attention to my question.
I don’t have a complete solution to fully hide X-Auth-Key or X-Auth-Email in Uppy while client-side script (javascript) always show up to the browser source, so anyone can take that and directly upload videos to my account.
My temporary way right now is writing a server-side code (PHP) using Tus library to upload file to CloudFlare stream instead of using Uppy, that hurt me at the bottom because I have to do a lot of work, but no way for me.