Is there a way to enable HSTS for the Streaming Engine? It is mentioned in the docs for enabling HTTPS for the Manager (https://www.wowza.com/docs/how-to-connect-to-wowza-streaming-engine-manager-over-https), but I couldn’t find anything in the docs for the Streaming Engine.
You can add custom headers to HTTP responses via the following property
Name: httpUserHTTPHeaders
Path: /Root/Application/HTTPStreamer
Type: String
Value: Key:Value
(where Key:Value = the header to add)
You can add multiple headers by delimiting them with the pipe (|) character.
You can optionally only add headers for particular playback types by changing the name to [lower-case-protocol-type]UserHTTPHeaders, e.g. for Apple HLS that would be cupertinoUserHTTPHeaders.
Here is an example
httpUserHTTPHeaders
strict-transport-security: max-age=31536000; includeSubDomains
String
Do note though that adding this HTTPStreamer property httpUserHTTPHeaders with the value of Strict-Transport-Security: max-age=31536000; includeSubDomains will impact all HTTP requests to that application (i.e. they would all have to be over HTTPS once the cookie is set on the client-side).
Thanks, that works for applications. Should that also work for HTTPProviders? When I look at https://www.wowza.com/docs/how-to-configure-date-headers-for-http-responses-from-http-providers it seems to be possible to set properties for providers, or even globally, but that didn’t seem to work with a httpUserHTTPHeaders property.