Use managed origin request policies
CloudFront provides a set of managed origin request policies that you can attach to any of your distribution's cache behaviors. With a managed origin request policy, you don't need to write or maintain your own origin request policy. The managed policies use settings that are optimized for specific use cases.
To use a managed origin request policy, you attach it to a cache behavior in your distribution. The process is the same as when you create an origin request policy, but instead of creating a new one, you just attach one of the managed origin request policies. You attach the policy either by name (with the console) or by ID (with the AWS CLI or SDKs). The names and IDs are listed in the following section.
For more information, see Create origin request policies.
The following topics describe the managed origin request policies that you can use.
Topics
AllViewer
View
this policy in the CloudFront console
This policy includes all values (headers, cookies, and query strings) from the viewer request.
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
216adef6-5c7f-47e4-b989-5492eafa07d3
This policy has the following settings:
-
Headers included in origin requests: All headers in the viewer request
-
Cookies included in origin requests: All
-
Query strings included in origin requests: All
AllViewerAndCloudFrontHeaders-2022-06
View
this policy in the CloudFront console
This policy includes all values (headers, cookies, and query strings) from the viewer request, and all CloudFront headers that were released through June 2022 (CloudFront headers released after June 2022 are not included).
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
33f36d7e-f396-46d9-90e0-52428a34d9dc
This policy has the following settings:
-
Headers included in origin requests: All headers in the viewer request, and the following CloudFront headers:
-
CloudFront-Forwarded-Proto -
CloudFront-Is-Android-Viewer -
CloudFront-Is-Desktop-Viewer -
CloudFront-Is-IOS-Viewer -
CloudFront-Is-Mobile-Viewer -
CloudFront-Is-SmartTV-Viewer -
CloudFront-Is-Tablet-Viewer -
CloudFront-Viewer-Address -
CloudFront-Viewer-ASN -
CloudFront-Viewer-City -
CloudFront-Viewer-Country -
CloudFront-Viewer-Country-Name -
CloudFront-Viewer-Country-Region -
CloudFront-Viewer-Country-Region-Name -
CloudFront-Viewer-Http-Version -
CloudFront-Viewer-Latitude -
CloudFront-Viewer-Longitude -
CloudFront-Viewer-Metro-Code -
CloudFront-Viewer-Postal-Code -
CloudFront-Viewer-Time-Zone -
CloudFront-Viewer-TLS
-
-
Cookies included in origin requests: All
-
Query strings included in origin requests: All
AllViewerExceptHostHeader
View this policy in the CloudFront console
This policy does not include the Host header from the viewer
request, but does include all others values (headers, cookies, and query strings)
from the viewer request.
This policy also includes additional CloudFront request headers for HTTP protocol, HTTP version, TLS version, and all device type and viewer location headers.
This policy is intended for use with Amazon API Gateway and AWS Lambda function URL origins.
These origins expect the Host header to contain the origin domain name,
not the domain name of the CloudFront distribution. Forwarding the Host
header from the viewer request to these origins can prevent them from
working.
Note
When you use this managed origin request policy to remove the viewer's
Host header, CloudFront adds a new Host header with the
origin's domain name to the origin request.
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
b689b0a8-53d0-40ab-baf2-68738e2966ac
This policy has the following settings:
-
Headers included in origin requests: All headers in the viewer request except for the
Hostheader -
Cookies included in origin requests: All
-
Query strings included in origin requests: All
CORS-CustomOrigin
View
this policy in the CloudFront console
This policy includes the header that enables cross-origin resource sharing (CORS) requests when the origin is a custom origin.
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
59781a5b-3903-41f3-afcb-af62929ccde1
This policy has the following settings:
-
Headers included in origin requests:
-
Origin
-
-
Cookies included in origin requests: None
-
Query strings included in origin requests: None
CORS-S3Origin
View
this policy in the CloudFront console
This policy includes the headers that enable cross-origin resource sharing (CORS) requests when the origin is an Amazon S3 bucket.
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
88a5eaf4-2fd4-4709-b370-b4c650ea3fcf
This policy has the following settings:
-
Headers included in origin requests:
-
Origin -
Access-Control-Request-Headers -
Access-Control-Request-Method
-
-
Cookies included in origin requests: None
-
Query strings included in origin requests: None
Elemental-MediaTailor-PersonalizedManifests
View
this policy in the CloudFront console
This policy is intended for use with an origin that is an AWS Elemental MediaTailor endpoint.
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
775133bc-15f2-49f9-abea-afb2e0bf67d2
This policy has the following settings:
-
Headers included in origin requests:
-
Origin -
Access-Control-Request-Headers -
Access-Control-Request-Method -
User-Agent -
X-Forwarded-For
-
-
Cookies included in origin requests: None
-
Query strings included in origin requests: All
UserAgentRefererHeaders
View
this policy in the CloudFront console
This policy includes only the User-Agent and Referer
headers. It doesn't include any query strings or cookies.
When using AWS CloudFormation, the AWS CLI, or the CloudFront API, the ID for this policy is:
acba4595-bd28-49b8-b9fe-13317c0390fa
This policy has the following settings:
-
Headers included in origin requests:
-
User-Agent -
Referer
-
-
Cookies included in origin requests: None
-
Query strings included in origin requests: None
