I am looking for some guidance on an authentication issue related to AirPlay sessions for HLS streams.
Our app currently uses token authentication for our HLS streams, but for AirPlay sessions we only authenticate on the master manifest since the user has already authenticated via the app and
However, this does leave open the potential for someone to fake an AirPlay User-Agent and request rendition manifests and segments without authentication.
We wouldn't be able to perform the token authentication on the AirPlay since we can't pass the custom header with the token across the AirPlay session boundaries.
Support showed me a potential workaround of using "AVAssetResourceLoader", but that would not work in my case, as I don't have the ability to make changes on the iOS app. So that leads me to trying to solve this issue at the CDN level.
What I would like to do is try and verify that requests are coming from valid AirPlay devices/sessions by checking for headers that are included specifically for an AirPlay session.
Searching online led me to these two possible headers,
"X-Apple-Device-ID:
X-Apple-Session-ID:"
, but I have not been able to see them when checking on the CDN.
Is there any documentation on default/standard headers that would/should appear in AirPlay requests?
Thanks