Interface IResponseHeadersXSSProtection

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.

Namespace: Amazon.CDK.AWS.CloudFront

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public interface IResponseHeadersXSSProtection

Syntax (vb)

Public Interface IResponseHeadersXSSProtection

Remarks

ExampleMetadata: infused

Examples

// Using an existing managed response headers policy
            S3Origin bucketOrigin;

            new Distribution(this, "myDistManagedPolicy", new DistributionProps {
                DefaultBehavior = new BehaviorOptions {
                    Origin = bucketOrigin,
                    ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
                }
            });

            // Creating a custom response headers policy -- all parameters optional
            var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
                ResponseHeadersPolicyName = "MyPolicy",
                Comment = "A default policy",
                CorsBehavior = new ResponseHeadersCorsBehavior {
                    AccessControlAllowCredentials = false,
                    AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                    AccessControlAllowMethods = new [] { "GET", "POST" },
                    AccessControlAllowOrigins = new [] { "*" },
                    AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                    AccessControlMaxAge = Duration.Seconds(600),
                    OriginOverride = true
                },
                CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
                    CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
                },
                SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
                    ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
                    ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
                    FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
                    ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
                    StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
                    XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
                },
                RemoveHeaders = new [] { "Server" },
                ServerTimingSamplingRate = 50
            });
            new Distribution(this, "myDistCustomPolicy", new DistributionProps {
                DefaultBehavior = new BehaviorOptions {
                    Origin = bucketOrigin,
                    ResponseHeadersPolicy = myResponseHeadersPolicy
                }
            });

Synopsis

Properties

ModeBlock	A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
Override	A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
Protection	A Boolean that determines the value of the X-XSS-Protection HTTP response header.
ReportUri	A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

Properties

ModeBlock

A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

bool? ModeBlock { get; }

Property Value

bool?

Remarks

Default: false

Override

A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

bool Override { get; }

Property Value

bool

Remarks

ExampleMetadata: infused

Protection

A Boolean that determines the value of the X-XSS-Protection HTTP response header.

bool Protection { get; }

Property Value

bool

Remarks

When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

ReportUri

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

string? ReportUri { get; }

Property Value

string

Remarks

You cannot specify a ReportUri when ModeBlock is true.

Default: - no report uri