選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

偏好設定
聯絡我們
意見回饋
AWS Documentation
建立 AWS 帳戶
ResponseHeadersPolicySecurityHeadersConfig - Amazon CloudFront
ContentsSee Also
此頁面尚未翻譯為您的語言。 請求翻譯

ResponseHeadersPolicySecurityHeadersConfig

PDF

A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

Contents

ContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy in the MDN Web Docs.

Type: ResponseHeadersPolicyContentSecurityPolicy object

Required: No

ContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.

For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options in the MDN Web Docs.

Type: ResponseHeadersPolicyContentTypeOptions object

Required: No

FrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value.

For more information about the X-Frame-Options HTTP response header, see X-Frame-Options in the MDN Web Docs.

Type: ResponseHeadersPolicyFrameOptions object

Required: No

ReferrerPolicy

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value.

For more information about the Referrer-Policy HTTP response header, see Referrer-Policy in the MDN Web Docs.

Type: ResponseHeadersPolicyReferrerPolicy object

Required: No

StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.

For more information about the Strict-Transport-Security HTTP response header, see Security headers in the Amazon CloudFront Developer Guide and Strict-Transport-Security in the MDN Web Docs.

Type: ResponseHeadersPolicyStrictTransportSecurity object

Required: No

XSSProtection

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.

For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection in the MDN Web Docs.

Type: ResponseHeadersPolicyXSSProtection object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

需要協助?

隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。