HTTPS Header Enrichment

Enea TLS Manager enables mobile network operators to maintain full visibility and control over HTTPS traffic through intelligent, secure termination of encrypted sessions. Built for high-performance environments, it facilitates advanced traffic management and HTTP header enrichment — helping operators deliver differentiated enterprise services, enforce policies, and integrate real-time context, even when traffic is encrypted.

TLS Manager supports secure traffic termination and inspection for the following key use cases:

• HTTPS connections
• HTTP-to-HTTPS redirection and enforcement
• HTTPS-to-HTTP conversion (for policy-based offload or compatibility with legacy systems)

In today’s networks, these capabilities are essential to manage encrypted traffic effectively while still delivering value-added services, maintaining security policies, and ensuring a seamless user experience.

• Maintain Visibility in Encrypted Environments: TLS Manager restores traffic-level insight and service differentiation in an increasingly encrypted internet landscape, allowing CSPs to sustain subscriber-aware services.
• Enable Secure and Policy-Compliant Header Enrichment: Operators can enrich HTTPS sessions with subscriber metadata — critical for enterprise authentication and localized service delivery — all within a secure, controlled framework.
• Seamless Integration with Traffic Management Functions: By connecting with the broader Enea Openwave Traffic Management suite, TLS Manager becomes part of a powerful ecosystem that enables optimization, control, and monetization of user traffic.
• Protect Subscriber Privacy: TLS Manager ensures that HTTPS mediation is selective and certificate-controlled, preserving trust relationships and complying with regulatory standards.

As HTTPS adoption grows, mobile network operators face new challenges in managing subscriber-aware services. Traditionally, HTTP Header Enrichment has allowed operators to seamlessly authenticate users, route traffic based on location or identity as well as personalize services and apply content policies. However, encryption hides these headers, making it difficult to enforce policies or enable enterprise-grade services. Enea TLS Manager solves this challenge by enabling selective and secure HTTPS mediation — decrypting traffic when appropriate, applying traffic management policies, and re-encrypting it before forwarding — all while remaining compliant with operator policies and privacy standards.

HTTPS Header Enrichment for Enterprise Services

TLS Manager enables operators to enrich HTTPS traffic with unspoofable, real network identifiers — such as subscriber ID or IP address — in a secure and privacy-compliant manner. This is essential for:

• Seamless user authentication (e.g., for banking, telecom service apps or enterprise apps)
• Region-specific content delivery
• Customer-specific routing

Secure HTTPS Offload & Onload

Operators can selectively offload or re-encrypt traffic based on destination, source IP, or domain name. This supports:

• Legacy systems that require HTTP
• Policy-driven HTTPS-to-HTTP conversion for inspection
• Traffic re-encryption for onward delivery to third-party services

Context-Aware Policy Enforcement

TLS Manager can invoke enrichment and policy actions based on dynamic context, such as:

• Time of day

• User session type (identified via HTTP data)

• Control plane signals (e.g., Gx, Radius)
• External databases (e.g., LDAP)

TLS Manager acts on all relevant traffic flows to enable secure and intelligent service delivery:

• Transparently intercepts both encrypted (HTTPS) and unencrypted (HTTP) traffic

• Decrypts TLS traffic using operator-approved certificates

• Re-encrypts traffic using operator or content provider certificates

• Facilitates advanced traffic management services without compromising privacy

HTTPS Mediation and Termination

TLS Manager acts as a transparent TLS tunnel endpoint, securely decrypting HTTPS traffic and making the content visible to licensed Enea Traffic Management services. When a user initiates a secure connection (e.g., via a browser or app), the solution provides a CSP-approved substitute certificate, impersonating the origin server while preserving end-user trust and privacy.

Certificate Management

Operators can manually load substitute certificates for selected origin servers. TLS Manager validates each certificate against the user’s root store to maintain trust. This targeted approach ensures HTTPS header enrichment only occurs on predefined domains, minimizing exposure.

Selective HTTPS Mediation

Using IP address filtering (IPv4 or IPv6 ranges with CIDR notation), TLS mediation can be selectively applied to specific sites or services. This ensures that only traffic requiring enrichment or inspection is decrypted, optimizing resource use and aligning with regulatory policies.

Flexible Service Invocation

TLS Manager integrates with licensed Enea Openwave Traffic Management modules. Once HTTPS traffic is decrypted, these services can be invoked on a per-session basis for applications such as:

• HTTP Header Enrichment
• Video Stream Optimization
• Enterprise/Parent Control and Content Filtering
• Traffic Classification & Reporting

Comprehensive OAM Interface

TLS Manager includes a centralized Operations, Administration & Management (OAM) GUI, offering mobile network operators a single point of control across all deployed Enea Traffic Management products. This simplifies configuration, monitoring, and policy enforcement.

The TLS Manager solution is deployed inline at the Gi interface, processing all IP traffic flowing through the operator’s network. It uses a high-performance Vector Packet Processing (VPP) module to intercept, inspect, and extract relevant metadata at both ingress and egress points. This data feeds into the Contextual Application Orchestration engine for real-time service logic execution.