CreateResponseHeadersPolicy - Amazon CloudFront

CreateResponseHeadersPolicy

Creates a response headers policy.

A response headers policy contains information about a set of HTTP response headers and their values. To create a response headers policy, you provide some metadata about the policy, and a set of configurations that specify the response headers.

After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it’s attached to a cache behavior, CloudFront adds the headers in the policy to HTTP responses that it sends for requests that match the cache behavior.

Request Syntax

POST /2020-05-31/response-headers-policy HTTP/1.1 <?xml version="1.0" encoding="UTF-8"?> <ResponseHeadersPolicyConfig xmlns="http://cloudfront.amazonaws.com/doc/2020-05-31/"> <Comment>string</Comment> <CorsConfig> <AccessControlAllowCredentials>boolean</AccessControlAllowCredentials> <AccessControlAllowHeaders> <Items> <Header>string</Header> </Items> <Quantity>integer</Quantity> </AccessControlAllowHeaders> <AccessControlAllowMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AccessControlAllowMethods> <AccessControlAllowOrigins> <Items> <Origin>string</Origin> </Items> <Quantity>integer</Quantity> </AccessControlAllowOrigins> <AccessControlExposeHeaders> <Items> <Header>string</Header> </Items> <Quantity>integer</Quantity> </AccessControlExposeHeaders> <AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec> <OriginOverride>boolean</OriginOverride> </CorsConfig> <CustomHeadersConfig> <Items> <ResponseHeadersPolicyCustomHeader> <Header>string</Header> <Override>boolean</Override> <Value>string</Value> </ResponseHeadersPolicyCustomHeader> </Items> <Quantity>integer</Quantity> </CustomHeadersConfig> <Name>string</Name> <SecurityHeadersConfig> <ContentSecurityPolicy> <ContentSecurityPolicy>string</ContentSecurityPolicy> <Override>boolean</Override> </ContentSecurityPolicy> <ContentTypeOptions> <Override>boolean</Override> </ContentTypeOptions> <FrameOptions> <FrameOption>string</FrameOption> <Override>boolean</Override> </FrameOptions> <ReferrerPolicy> <Override>boolean</Override> <ReferrerPolicy>string</ReferrerPolicy> </ReferrerPolicy> <StrictTransportSecurity> <AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec> <IncludeSubdomains>boolean</IncludeSubdomains> <Override>boolean</Override> <Preload>boolean</Preload> </StrictTransportSecurity> <XSSProtection> <ModeBlock>boolean</ModeBlock> <Override>boolean</Override> <Protection>boolean</Protection> <ReportUri>string</ReportUri> </XSSProtection> </SecurityHeadersConfig> </ResponseHeadersPolicyConfig>

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in XML format.

ResponseHeadersPolicyConfig

Root level tag for the ResponseHeadersPolicyConfig parameters.

Required: Yes

Comment

A comment to describe the response headers policy.

The comment cannot be longer than 128 characters.

Type: String

Required: No

CorsConfig

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).

Type: ResponseHeadersPolicyCorsConfig object

Required: No

CustomHeadersConfig

A configuration for a set of custom HTTP response headers.

Type: ResponseHeadersPolicyCustomHeadersConfig object

Required: No

Name

A name to identify the response headers policy.

The name must be unique for response headers policies in this AWS account.

Type: String

Required: Yes

SecurityHeadersConfig

A configuration for a set of security-related HTTP response headers.

Type: ResponseHeadersPolicySecurityHeadersConfig object

Required: No

Response Syntax

HTTP/1.1 201 <?xml version="1.0" encoding="UTF-8"?> <ResponseHeadersPolicy> <Id>string</Id> <LastModifiedTime>timestamp</LastModifiedTime> <ResponseHeadersPolicyConfig> <Comment>string</Comment> <CorsConfig> <AccessControlAllowCredentials>boolean</AccessControlAllowCredentials> <AccessControlAllowHeaders> <Items> <Header>string</Header> </Items> <Quantity>integer</Quantity> </AccessControlAllowHeaders> <AccessControlAllowMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AccessControlAllowMethods> <AccessControlAllowOrigins> <Items> <Origin>string</Origin> </Items> <Quantity>integer</Quantity> </AccessControlAllowOrigins> <AccessControlExposeHeaders> <Items> <Header>string</Header> </Items> <Quantity>integer</Quantity> </AccessControlExposeHeaders> <AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec> <OriginOverride>boolean</OriginOverride> </CorsConfig> <CustomHeadersConfig> <Items> <ResponseHeadersPolicyCustomHeader> <Header>string</Header> <Override>boolean</Override> <Value>string</Value> </ResponseHeadersPolicyCustomHeader> </Items> <Quantity>integer</Quantity> </CustomHeadersConfig> <Name>string</Name> <SecurityHeadersConfig> <ContentSecurityPolicy> <ContentSecurityPolicy>string</ContentSecurityPolicy> <Override>boolean</Override> </ContentSecurityPolicy> <ContentTypeOptions> <Override>boolean</Override> </ContentTypeOptions> <FrameOptions> <FrameOption>string</FrameOption> <Override>boolean</Override> </FrameOptions> <ReferrerPolicy> <Override>boolean</Override> <ReferrerPolicy>string</ReferrerPolicy> </ReferrerPolicy> <StrictTransportSecurity> <AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec> <IncludeSubdomains>boolean</IncludeSubdomains> <Override>boolean</Override> <Preload>boolean</Preload> </StrictTransportSecurity> <XSSProtection> <ModeBlock>boolean</ModeBlock> <Override>boolean</Override> <Protection>boolean</Protection> <ReportUri>string</ReportUri> </XSSProtection> </SecurityHeadersConfig> </ResponseHeadersPolicyConfig> </ResponseHeadersPolicy>

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in XML format by the service.

ResponseHeadersPolicy

Root level tag for the ResponseHeadersPolicy parameters.

Required: Yes

Id

The identifier for the response headers policy.

Type: String

LastModifiedTime

The date and time when the response headers policy was last modified.

Type: Timestamp

ResponseHeadersPolicyConfig

A response headers policy configuration.

A response headers policy contains information about a set of HTTP response headers and their values. CloudFront adds the headers in the policy to HTTP responses that it sends for requests that match a cache behavior that’s associated with the policy.

Type: ResponseHeadersPolicyConfig object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDenied

Access denied.

HTTP Status Code: 403

InconsistentQuantities

The value of Quantity and the size of Items don't match.

HTTP Status Code: 400

InvalidArgument

An argument is invalid.

HTTP Status Code: 400

ResponseHeadersPolicyAlreadyExists

A response headers policy with this name already exists. You must provide a unique name. To modify an existing response headers policy, use UpdateResponseHeadersPolicy.

HTTP Status Code: 409

TooManyCustomHeadersInResponseHeadersPolicy

The number of custom headers in the response headers policy exceeds the maximum.

For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

HTTP Status Code: 400

TooManyResponseHeadersPolicies

You have reached the maximum number of response headers policies for this AWS account.

For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: