Example URL:
https://www.tkach-law.com/lp-dallas-skyline-across-trinity-at-flood

Steps to reproduce the problem:
1. Attempt to play any video using HLS (for example, at provided URL)
2. Only a null referer is sent
3. However, full referer is sent from same browser/device if requesting MP4 (see https://www.tkach-law.com/lp-dallas-skyline-across-trinity-at-flood-mp4)

What is the expected behavior?
If full referer is sent, it passes Amazon AWS WAF filter for authorized sites and video plays. With a null referer WAF rejects request as unauthorized with Forbidden error. However, all requests with the full referer are honored and the file is served

What went wrong?
On the request of a .m3u8 manifest file (for HLS streaming) Chrome+Android sends only a null referer. Therefore, WAF (web application firewall) rejects request.

Also, Chrome+Android doesn't respond to 403 error; just continues to wait without timing out.

Chrome on desktop sends a full referer and does all iOS devices and all other desktop browsers.

Did this work before? N/A 

Chrome version: 58.0.3029.83  Channel: stable
OS Version: 5.0.2
Flash Version: None

The URL shown above uses JWPlayer but I can recreate the exact same issue if using HTML5 <video> tag. JWPlayer on Chrome+Android relies totally on Chrome+Android inherient video abilities. This was confirmed with Cloudfront logs showing only null referer on all .m3u8 requests from Chrome+Android devices. v59 not yet available to me in Play but can recreate same issue on Chrome Beta v60.

The MP4 version of the same page that send a full referer is https://www.tkach-law.com/lp-dallas-skyline-across-trinity-at-flood-mp4

See more details at https://productforums.google.com/forum/#!topic/chrome/3irwxyZYQBU