AWS::CloudFront::ResponseHeadersPolicy StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.

For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "AccessControlMaxAgeSec" : Integer,
  "IncludeSubdomains" : Boolean,
  "Override" : Boolean,
  "Preload" : Boolean
}

YAML


  AccessControlMaxAgeSec: Integer
  IncludeSubdomains: Boolean
  Override: Boolean
  Preload: Boolean

Properties

AccessControlMaxAgeSec

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Required: Yes

Type: Integer

Update requires: No interruption

IncludeSubdomains

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Required: No

Type: Boolean

Update requires: No interruption

Override

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.

Required: Yes

Type: Boolean

Update requires: No interruption

Preload

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

Required: No

Type: Boolean

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ServerTimingHeadersConfig

XSSProtection