All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: ResponseHeadersPolicyProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)", date="2025-10-29T11:15:34.385Z") @Stability(Stable) public interface ResponseHeadersPolicyProps extends software.amazon.jsii.JsiiSerializable

Properties for creating a Response Headers Policy.

Example:

 // Using an existing managed response headers policy
 S3Origin bucketOrigin;
 Distribution.Builder.create(this, "myDistManagedPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS)
                 .build())
         .build();
 // Creating a custom response headers policy -- all parameters optional
 ResponseHeadersPolicy myResponseHeadersPolicy = ResponseHeadersPolicy.Builder.create(this, "ResponseHeadersPolicy")
         .responseHeadersPolicyName("MyPolicy")
         .comment("A default policy")
         .corsBehavior(ResponseHeadersCorsBehavior.builder()
                 .accessControlAllowCredentials(false)
                 .accessControlAllowHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlAllowMethods(List.of("GET", "POST"))
                 .accessControlAllowOrigins(List.of("*"))
                 .accessControlExposeHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlMaxAge(Duration.seconds(600))
                 .originOverride(true)
                 .build())
         .customHeadersBehavior(ResponseCustomHeadersBehavior.builder()
                 .customHeaders(List.of(ResponseCustomHeader.builder().header("X-Amz-Date").value("some-value").override(true).build(), ResponseCustomHeader.builder().header("X-Amz-Security-Token").value("some-value").override(false).build()))
                 .build())
         .securityHeadersBehavior(ResponseSecurityHeadersBehavior.builder()
                 .contentSecurityPolicy(ResponseHeadersContentSecurityPolicy.builder().contentSecurityPolicy("default-src https:;").override(true).build())
                 .contentTypeOptions(ResponseHeadersContentTypeOptions.builder().override(true).build())
                 .frameOptions(ResponseHeadersFrameOptions.builder().frameOption(HeadersFrameOption.DENY).override(true).build())
                 .referrerPolicy(ResponseHeadersReferrerPolicy.builder().referrerPolicy(HeadersReferrerPolicy.NO_REFERRER).override(true).build())
                 .strictTransportSecurity(ResponseHeadersStrictTransportSecurity.builder().accessControlMaxAge(Duration.seconds(600)).includeSubdomains(true).override(true).build())
                 .xssProtection(ResponseHeadersXSSProtection.builder().protection(true).modeBlock(false).reportUri("https://example.com/csp-report").override(true).build())
                 .build())
         .removeHeaders(List.of("Server"))
         .serverTimingSamplingRate(50)
         .build();
 Distribution.Builder.create(this, "myDistCustomPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(myResponseHeadersPolicy)
                 .build())
         .build();

Nested Class Summary

Nested Classes

Modifier and Type

Interface

Description

static final class

ResponseHeadersPolicyProps.Builder

A builder for ResponseHeadersPolicyProps

static final class

ResponseHeadersPolicyProps.Jsii$Proxy

An implementation for ResponseHeadersPolicyProps
Method Summary

Modifier and Type

Method

Description

static ResponseHeadersPolicyProps.Builder

builder()

default String

getComment()

A comment to describe the response headers policy.

default ResponseHeadersCorsBehavior

getCorsBehavior()

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).

default ResponseCustomHeadersBehavior

getCustomHeadersBehavior()

A configuration for a set of custom HTTP response headers.

default List<String>

getRemoveHeaders()

A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.

default String

getResponseHeadersPolicyName()

A unique name to identify the response headers policy.

default ResponseSecurityHeadersBehavior

getSecurityHeadersBehavior()

A configuration for a set of security-related HTTP response headers.

default Number

getServerTimingSamplingRate()

The percentage of responses that you want CloudFront to add the Server-Timing header to.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Method Details
- getComment
  
  @Stability(Stable) @Nullable default String getComment()
  
  A comment to describe the response headers policy.
  Default: - no comment
- getCorsBehavior
  
  @Stability(Stable) @Nullable default ResponseHeadersCorsBehavior getCorsBehavior()
  
  A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
  Default: - no cors behavior
- getCustomHeadersBehavior
  
  @Stability(Stable) @Nullable default ResponseCustomHeadersBehavior getCustomHeadersBehavior()
  
  A configuration for a set of custom HTTP response headers.
  Default: - no custom headers behavior
- getRemoveHeaders
  
  @Stability(Stable) @Nullable default List<String> getRemoveHeaders()
  
  A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.
  Default: - no headers are removed
- getResponseHeadersPolicyName
  
  @Stability(Stable) @Nullable default String getResponseHeadersPolicyName()
  
  A unique name to identify the response headers policy.
  Default: - generated from the `id`
- getSecurityHeadersBehavior
  
  @Stability(Stable) @Nullable default ResponseSecurityHeadersBehavior getSecurityHeadersBehavior()
  
  A configuration for a set of security-related HTTP response headers.
  Default: - no security headers behavior
- getServerTimingSamplingRate
  
  @Stability(Stable) @Nullable default Number getServerTimingSamplingRate()
  
  The percentage of responses that you want CloudFront to add the Server-Timing header to.
  Default: - no Server-Timing header is added to HTTP responses
- builder
  
  @Stability(Stable) static ResponseHeadersPolicyProps.Builder builder()
  
  Returns:
  
  a ResponseHeadersPolicyProps.Builder of ResponseHeadersPolicyProps

Interface ResponseHeadersPolicyProps

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Details

getComment

getCorsBehavior

getCustomHeadersBehavior

getRemoveHeaders

getResponseHeadersPolicyName

getSecurityHeadersBehavior

getServerTimingSamplingRate

builder