Certain youtube.com videos not playing when routing via WSS


Article ID: 242114


Updated On:


Web Security Service - WSS


Some users in remote locations are having issues accessing certain YouTube videos. This is not happening for all YouTube videos.

A HAR file shows HTTP 403 responses coming from googlevideo.com.



There are 2 URLs in play while watching Youtube videos, youtube.com and googlevideo.com. First connection is made on "youtube.com" and then redirection happens to "googlevideo.com" which is responsible to loading to videos.

Youtube.com traffic is not bypassed (by default), making it go through WSS. However, googlevideo.com is bypassed from WSS by default, therefore, all traffic to this domain goes DIRECT for access methods such as WSS Agent and Explicit proxy.

Therefore, the traffic is being split and YouTube is issuing HTTP 403 - Forbidden error, for the googlevideo.com requests.

In the case of YouTube web app all links / requests are loaded from the base.js file. It is most likely that YouTube is requiring the base.js file to be loaded from the same location (or at least country) that makes the requests for googlevideo.com.



Web Security Service


We need to make egress location/IP same for both youtube.com and googlevideo.com in order to resolve this. There are basically two ways. You can follow step# 2 if step# 1 does not work for any reason.

  1. Make explicit proxy configuration to same geo-located WSS Datapod as your egress IP. You can refer below document to configure it,
  2. Remove bypass for "googlevideo.com" as below,
    • Remove googlevideo.com from the WSS bypasses in the WSS portal > Connectivity > Bypassed Traffic > Domains.
    • Add googlevideo.com to the TLS/SSL exemptions list - Set to Do Not Intercept.