# HTTP headers
The `restUserHTTPHeaders` property allows you to configure WSE REST API HTTP headers from your WSE server's `Server.xml` configuration file.
The value for this property is a pipe-delimited list of `header:value` pairs, as shown below.
```html
restUserHTTPHeaders
header1:value1|header2:value2A,value2B|header3:value3
```
You can add the `restUserHTTPHeaders` property and cross-origin resource sharing (CORS) `header:value` pairs to your WSE configuration in the WSE Manager.
## Add HTTP headers to WSE Manager
1. Navigate to WSE Manager.
2. Click the `Server` tab.
3. In the contents lick `Server Setup` in the contents panel.
4. In the `Server Setup` page, click the `Properties` tab.
5. In the `Quick Links` bar, click `Custom`.
Note
Access to the `Properties` tab is limited to administrators with advanced permissions.
For more information, see the administrator getting started guide.
1. In the `Custom` area, click `Edit`
2. Click `Add Custom Property`.
3. In the `Add Custom Property` dialog box:
- `Path`: Select `/Root/Server/RESTInterface`
- `Name`: Enter `restUserHTTPHeaders`
- `Type`: Select `String`
- `Value`: Enter any combination of desired CORS `header:value` pairs in a pipe-delimited list. For details and examples, see [Configure CORS header properties](#configure-cors-header-properties)
4. Click **Add**, click **Save**, and then restart the Wowza Streaming Engine.
## Add HTTP headers to WSE's Server.xml file
1. Navigate to `[install-dir]/conf`.
2. Open `Server.xml`.
3. Add the `restUserHTTPHeaders` property to the `/` element as shown below.
```html
restUserHTTPHeaders
header1:value1|header2:value2A,value2B|header3:value3
```
For details and examples of CORS `header:value` pairs, see [Configure CORS header properties](#configure-cors-header-properties).
1. Save your changes and restart Wowza Streaming Engine.
## Configure CORS header properties
Note
CORS headers are enabled by default in the Wowza Streaming Engine 4.5.0 and later REST API.
To enable CORS for specific domains, such as `foo.example` and `bar.test`, specify:
```html
restUserHTTPHeaders
Access-Control-Allow-Origin:http://foo.example,http://bar.test
```
By default, CORS only allows the GET, HEAD, and POST request methods.
To enable all WSE REST API request methods, add the CORS `Access-Control-Allow-Methods` header, specify:
```html
restUserHTTPHeaders
Access-Control-Allow-Origin:http://foo.example,http://bar.test|Access-Control-Allow-Methods:OPTIONS,GET,PUT,DELETE,POST
```
To allow the browser to access specific REST API headers, add the CORS `Access-Control-Allow-Headers` header, specify:
```html
restUserHTTPHeaders
Access-Control-Allow-Origin:http://foo.example,http://bar.test|Access-Control-Allow-Methods:OPTIONS,GET,PUT,DELETE,POST|Access-Control-Allow-Headers:Content-Type,My-Custom-Header
```
The `restUserHTTPHeaders` property value can also have a custom HTTP header.
For example, to add `My-Custom-Header` to the REST API response, specify:
```html
restUserHTTPHeaders
My-Custom-Header:[HeaderValue]
```