ResponseHeadersPolicyStrictTransportSecurity - Amazon CloudFront

ResponseHeadersPolicyStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.

For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Contents

AccessControlMaxAgeSec

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Type: Integer

Required: Yes

IncludeSubdomains

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Type: Boolean

Required: No

Override

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.

Type: Boolean

Required: Yes

Preload

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: