interface XSSProtectionProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.CloudFront.CfnResponseHeadersPolicy.XSSProtectionProperty |
Java | software.amazon.awscdk.services.cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty |
Python | aws_cdk.aws_cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty |
TypeScript | @aws-cdk/aws-cloudfront » CfnResponseHeadersPolicy » XSSProtectionProperty |
Determines whether CloudFront includes the X-XSS-Protection
HTTP response header and the header's value.
For more information about the X-XSS-Protection
HTTP response header, see X-XSS-Protection in the MDN Web Docs.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as cloudfront from '@aws-cdk/aws-cloudfront';
const xSSProtectionProperty: cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty = {
override: false,
protection: false,
// the properties below are optional
modeBlock: false,
reportUri: 'reportUri',
};
Properties
Name | Type | Description |
---|---|---|
override | boolean | IResolvable | A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy. |
protection | boolean | IResolvable | A Boolean that determines the value of the X-XSS-Protection HTTP response header. |
mode | boolean | IResolvable | A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header. |
report | string | A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. |
override
Type:
boolean |
IResolvable
A Boolean that determines whether CloudFront overrides the X-XSS-Protection
HTTP response header received from the origin with the one specified in this response headers policy.
protection
Type:
boolean |
IResolvable
A Boolean that determines the value of the X-XSS-Protection
HTTP response header.
When this setting is true
, the value of the X-XSS-Protection
header is 1
. When this setting is false
, the value of the X-XSS-Protection
header is 0
.
For more information about these settings, see X-XSS-Protection in the MDN Web Docs.
modeBlock?
Type:
boolean |
IResolvable
(optional)
A Boolean that determines whether CloudFront includes the mode=block
directive in the X-XSS-Protection
header.
For more information about this directive, see X-XSS-Protection in the MDN Web Docs.
reportUri?
Type:
string
(optional)
A reporting URI, which CloudFront uses as the value of the report
directive in the X-XSS-Protection
header.
You cannot specify a ReportUri
when ModeBlock
is true
.
For more information about using a reporting URL, see X-XSS-Protection in the MDN Web Docs.