AWS Amplify
Console User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Custom Headers

Custom HTTP headers allow you to specify headers for every HTTP response. Response headers can be used for debugging, security, and informational purposes. Define custom header rules for your app as follows:

  1. From the navigation bar on the left, choose App Settings > Build Settings, and then choose Edit to edit your buildspec.

  2. In the frontend section of the YML file, add the custom headers for your app as follows:

version: 0.1 frontend: phases: build: post_build: artifacts: baseDirectory: customHeaders: - pattern: '*.json' headers: - key: 'custom-header-name-1' value: 'custom-header-value-1' - key: 'custom-header-name-2' value: 'custom-header-value-2' - pattern: '/path/*' headers: - key: 'custom-header-name-1' value: 'custom-header-value-2'
  • pattern - Headers applied to all URL file paths that match the pattern.

  • headers - Define headers that match the file pattern. The key is the custom header name and the value is the custom header value.

  • To learn more about HTTP headers, please see Mozilla's documentation for a list of HTTP headers.

  1. Choose Save. Your custom header settings will now be applied to your app.

Example: Security Headers

The following security headers enable enforcing HTTPS, preventing XSS attacks, and defending your browser against clickjacking. Add it to your app's buildspec and choose Save to apply the custom header settings.

customHeaders: - pattern: '**/*' headers: - key: 'Strict-Transport-Security' value: 'max-age=31536000; includeSubDomains' - key: 'X-Frame-Options' value: 'SAMEORIGIN' - key: 'X-XSS-Protection' value: '1; mode=block' - key: 'X-Content-Type-Options' value: 'nosniff' - key: 'Content-Security-Policy' value: 'default-src self'