AWS::CloudFront::ResponseHeadersPolicy SecurityHeadersConfig

A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "ContentSecurityPolicy" : ContentSecurityPolicy,
  "ContentTypeOptions" : ContentTypeOptions,
  "FrameOptions" : FrameOptions,
  "ReferrerPolicy" : ReferrerPolicy,
  "StrictTransportSecurity" : StrictTransportSecurity,
  "XSSProtection" : XSSProtection
}

YAML


  ContentSecurityPolicy: 
    ContentSecurityPolicy
  ContentTypeOptions: 
    ContentTypeOptions
  FrameOptions: 
    FrameOptions
  ReferrerPolicy: 
    ReferrerPolicy
  StrictTransportSecurity: 
    StrictTransportSecurity
  XSSProtection: 
    XSSProtection

Properties

ContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy in the MDN Web Docs.

Required: No

Type: ContentSecurityPolicy

Update requires: No interruption

ContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.

For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options in the MDN Web Docs.

Required: No

Type: ContentTypeOptions

Update requires: No interruption

FrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value.

For more information about the X-Frame-Options HTTP response header, see X-Frame-Options in the MDN Web Docs.

Required: No

Type: FrameOptions

Update requires: No interruption

ReferrerPolicy

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value.

For more information about the Referrer-Policy HTTP response header, see Referrer-Policy in the MDN Web Docs.

Required: No

Type: ReferrerPolicy

Update requires: No interruption

StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.

For more information about the Strict-Transport-Security HTTP response header, see Security headers in the Amazon CloudFront Developer Guide and Strict-Transport-Security in the MDN Web Docs.

Required: No

Type: StrictTransportSecurity

Update requires: No interruption

XSSProtection

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.

For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection in the MDN Web Docs.

Required: No

Type: XSSProtection

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ResponseHeadersPolicyConfig

ServerTimingHeadersConfig