# HTTP headers The `restUserHTTPHeaders` property allows you to configure WSE REST API HTTP headers from your WSE server's `Server.xml` configuration file. The value for this property is a pipe-delimited list of `header:value` pairs, as shown below. ```html restUserHTTPHeaders header1:value1|header2:value2A,value2B|header3:value3 ``` You can add the `restUserHTTPHeaders` property and cross-origin resource sharing (CORS) `header:value` pairs to your WSE configuration in the WSE Manager. ## Add HTTP headers to WSE Manager 1. Navigate to WSE Manager. 2. Click the `Server` tab. 3. In the contents lick `Server Setup` in the contents panel. 4. In the `Server Setup` page, click the `Properties` tab. 5. In the `Quick Links` bar, click `Custom`. Note Access to the `Properties` tab is limited to administrators with advanced permissions. For more information, see the administrator getting started guide. 1. In the `Custom` area, click `Edit` 2. Click `Add Custom Property`. 3. In the `Add Custom Property` dialog box: - `Path`: Select `/Root/Server/RESTInterface` - `Name`: Enter `restUserHTTPHeaders` - `Type`: Select `String` - `Value`: Enter any combination of desired CORS `header:value` pairs in a pipe-delimited list. For details and examples, see [Configure CORS header properties](#configure-cors-header-properties) 4. Click **Add**, click **Save**, and then restart the Wowza Streaming Engine. ## Add HTTP headers to WSE's Server.xml file 1. Navigate to `[install-dir]/conf`. 2. Open `Server.xml`. 3. Add the `restUserHTTPHeaders` property to the `/` element as shown below. ```html restUserHTTPHeaders header1:value1|header2:value2A,value2B|header3:value3 ``` For details and examples of CORS `header:value` pairs, see [Configure CORS header properties](#configure-cors-header-properties). 1. Save your changes and restart Wowza Streaming Engine. ## Configure CORS header properties Note CORS headers are enabled by default in the Wowza Streaming Engine 4.5.0 and later REST API. To enable CORS for specific domains, such as `foo.example` and `bar.test`, specify: ```html restUserHTTPHeaders Access-Control-Allow-Origin:http://foo.example,http://bar.test ``` By default, CORS only allows the GET, HEAD, and POST request methods. To enable all WSE REST API request methods, add the CORS `Access-Control-Allow-Methods` header, specify: ```html restUserHTTPHeaders Access-Control-Allow-Origin:http://foo.example,http://bar.test|Access-Control-Allow-Methods:OPTIONS,GET,PUT,DELETE,POST ``` To allow the browser to access specific REST API headers, add the CORS `Access-Control-Allow-Headers` header, specify: ```html restUserHTTPHeaders Access-Control-Allow-Origin:http://foo.example,http://bar.test|Access-Control-Allow-Methods:OPTIONS,GET,PUT,DELETE,POST|Access-Control-Allow-Headers:Content-Type,My-Custom-Header ``` The `restUserHTTPHeaders` property value can also have a custom HTTP header. For example, to add `My-Custom-Header` to the REST API response, specify: ```html restUserHTTPHeaders My-Custom-Header:[HeaderValue] ```