AWS::CloudFront::ResponseHeadersPolicy StrictTransportSecurity - AWS CloudFormation

AWS::CloudFront::ResponseHeadersPolicy StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.

For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "AccessControlMaxAgeSec" : Integer, "IncludeSubdomains" : Boolean, "Override" : Boolean, "Preload" : Boolean }

YAML

AccessControlMaxAgeSec: Integer IncludeSubdomains: Boolean Override: Boolean Preload: Boolean

Properties

AccessControlMaxAgeSec

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Required: Yes

Type: Integer

Update requires: No interruption

IncludeSubdomains

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Required: No

Type: Boolean

Update requires: No interruption

Override

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.

Required: Yes

Type: Boolean

Update requires: No interruption

Preload

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

Required: No

Type: Boolean

Update requires: No interruption