ResponseHeadersPolicySecurityHeadersConfig - Amazon CloudFront

ResponseHeadersPolicySecurityHeadersConfig

A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

Contents

ContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy in the MDN Web Docs.

Type: ResponseHeadersPolicyContentSecurityPolicy object

Required: No

ContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.

For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options in the MDN Web Docs.

Type: ResponseHeadersPolicyContentTypeOptions object

Required: No

FrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.

For more information about the X-Frame-Options HTTP response header, see X-Frame-Options in the MDN Web Docs.

Type: ResponseHeadersPolicyFrameOptions object

Required: No

ReferrerPolicy

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.

For more information about the Referrer-Policy HTTP response header, see Referrer-Policy in the MDN Web Docs.

Type: ResponseHeadersPolicyReferrerPolicy object

Required: No

StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.

For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Type: ResponseHeadersPolicyStrictTransportSecurity object

Required: No

XSSProtection

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.

For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection in the MDN Web Docs.

Type: ResponseHeadersPolicyXSSProtection object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: