AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.4.0 published on Wednesday, May 4, 2022 by Pulumi

ResponseHeadersPolicy

Provides a CloudFront response headers policy resource. A response headers policy contains information about a set of HTTP response headers and their values. After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it’s attached to a cache behavior, CloudFront adds the headers in the policy to every response that it sends for requests that match the cache behavior.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Aws.CloudFront.ResponseHeadersPolicy("example", new Aws.CloudFront.ResponseHeadersPolicyArgs
        {
            Comment = "test comment",
            CorsConfig = new Aws.CloudFront.Inputs.ResponseHeadersPolicyCorsConfigArgs
            {
                AccessControlAllowCredentials = true,
                AccessControlAllowHeaders = new Aws.CloudFront.Inputs.ResponseHeadersPolicyCorsConfigAccessControlAllowHeadersArgs
                {
                    Items = 
                    {
                        "test",
                    },
                },
                AccessControlAllowMethods = new Aws.CloudFront.Inputs.ResponseHeadersPolicyCorsConfigAccessControlAllowMethodsArgs
                {
                    Items = 
                    {
                        "GET",
                    },
                },
                AccessControlAllowOrigins = new Aws.CloudFront.Inputs.ResponseHeadersPolicyCorsConfigAccessControlAllowOriginsArgs
                {
                    Items = 
                    {
                        "test.example.comtest",
                    },
                },
                OriginOverride = true,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudfront"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudfront.NewResponseHeadersPolicy(ctx, "example", &cloudfront.ResponseHeadersPolicyArgs{
			Comment: pulumi.String("test comment"),
			CorsConfig: &cloudfront.ResponseHeadersPolicyCorsConfigArgs{
				AccessControlAllowCredentials: pulumi.Bool(true),
				AccessControlAllowHeaders: &cloudfront.ResponseHeadersPolicyCorsConfigAccessControlAllowHeadersArgs{
					Items: pulumi.StringArray{
						pulumi.String("test"),
					},
				},
				AccessControlAllowMethods: &cloudfront.ResponseHeadersPolicyCorsConfigAccessControlAllowMethodsArgs{
					Items: pulumi.StringArray{
						pulumi.String("GET"),
					},
				},
				AccessControlAllowOrigins: &cloudfront.ResponseHeadersPolicyCorsConfigAccessControlAllowOriginsArgs{
					Items: pulumi.StringArray{
						pulumi.String("test.example.comtest"),
					},
				},
				OriginOverride: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResponseHeadersPolicy("example", ResponseHeadersPolicyArgs.builder()        
            .comment("test comment")
            .corsConfig(ResponseHeadersPolicyCorsConfig.builder()
                .accessControlAllowCredentials(true)
                .accessControlAllowHeaders(ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders.builder()
                    .items("test")
                    .build())
                .accessControlAllowMethods(ResponseHeadersPolicyCorsConfigAccessControlAllowMethods.builder()
                    .items("GET")
                    .build())
                .accessControlAllowOrigins(ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins.builder()
                    .items("test.example.comtest")
                    .build())
                .originOverride(true)
                .build())
            .build());

        }
}
import pulumi
import pulumi_aws as aws

example = aws.cloudfront.ResponseHeadersPolicy("example",
    comment="test comment",
    cors_config=aws.cloudfront.ResponseHeadersPolicyCorsConfigArgs(
        access_control_allow_credentials=True,
        access_control_allow_headers=aws.cloudfront.ResponseHeadersPolicyCorsConfigAccessControlAllowHeadersArgs(
            items=["test"],
        ),
        access_control_allow_methods=aws.cloudfront.ResponseHeadersPolicyCorsConfigAccessControlAllowMethodsArgs(
            items=["GET"],
        ),
        access_control_allow_origins=aws.cloudfront.ResponseHeadersPolicyCorsConfigAccessControlAllowOriginsArgs(
            items=["test.example.comtest"],
        ),
        origin_override=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cloudfront.ResponseHeadersPolicy("example", {
    comment: "test comment",
    corsConfig: {
        accessControlAllowCredentials: true,
        accessControlAllowHeaders: {
            items: ["test"],
        },
        accessControlAllowMethods: {
            items: ["GET"],
        },
        accessControlAllowOrigins: {
            items: ["test.example.comtest"],
        },
        originOverride: true,
    },
});
resources:
  example:
    type: aws:cloudfront:ResponseHeadersPolicy
    properties:
      comment: test comment
      corsConfig:
        accessControlAllowCredentials: true
        accessControlAllowHeaders:
          items:
            - test
        accessControlAllowMethods:
          items:
            - GET
        accessControlAllowOrigins:
          items:
            - test.example.comtest
        originOverride: true

Create a ResponseHeadersPolicy Resource

new ResponseHeadersPolicy(name: string, args?: ResponseHeadersPolicyArgs, opts?: CustomResourceOptions);
@overload
def ResponseHeadersPolicy(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          comment: Optional[str] = None,
                          cors_config: Optional[ResponseHeadersPolicyCorsConfigArgs] = None,
                          custom_headers_config: Optional[ResponseHeadersPolicyCustomHeadersConfigArgs] = None,
                          etag: Optional[str] = None,
                          name: Optional[str] = None,
                          security_headers_config: Optional[ResponseHeadersPolicySecurityHeadersConfigArgs] = None)
@overload
def ResponseHeadersPolicy(resource_name: str,
                          args: Optional[ResponseHeadersPolicyArgs] = None,
                          opts: Optional[ResourceOptions] = None)
func NewResponseHeadersPolicy(ctx *Context, name string, args *ResponseHeadersPolicyArgs, opts ...ResourceOption) (*ResponseHeadersPolicy, error)
public ResponseHeadersPolicy(string name, ResponseHeadersPolicyArgs? args = null, CustomResourceOptions? opts = null)
public ResponseHeadersPolicy(String name, ResponseHeadersPolicyArgs args)
public ResponseHeadersPolicy(String name, ResponseHeadersPolicyArgs args, CustomResourceOptions options)
type: aws:cloudfront:ResponseHeadersPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ResponseHeadersPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ResponseHeadersPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ResponseHeadersPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ResponseHeadersPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ResponseHeadersPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

ResponseHeadersPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ResponseHeadersPolicy resource accepts the following input properties:

Comment string

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

CorsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

CustomHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

Etag string

The current version of the response headers policy.

Name string

A unique name to identify the response headers policy.

SecurityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

Comment string

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

CorsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

CustomHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

Etag string

The current version of the response headers policy.

Name string

A unique name to identify the response headers policy.

SecurityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment String

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

corsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

customHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag String

The current version of the response headers policy.

name String

A unique name to identify the response headers policy.

securityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment string

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

corsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

customHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag string

The current version of the response headers policy.

name string

A unique name to identify the response headers policy.

securityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment str

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

cors_config ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

custom_headers_config ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag str

The current version of the response headers policy.

name str

A unique name to identify the response headers policy.

security_headers_config ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment String

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

corsConfig Property Map

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

customHeadersConfig Property Map

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag String

The current version of the response headers policy.

name String

A unique name to identify the response headers policy.

securityHeadersConfig Property Map

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

Outputs

All input properties are implicitly available as output properties. Additionally, the ResponseHeadersPolicy resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing ResponseHeadersPolicy Resource

Get an existing ResponseHeadersPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ResponseHeadersPolicyState, opts?: CustomResourceOptions): ResponseHeadersPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        comment: Optional[str] = None,
        cors_config: Optional[ResponseHeadersPolicyCorsConfigArgs] = None,
        custom_headers_config: Optional[ResponseHeadersPolicyCustomHeadersConfigArgs] = None,
        etag: Optional[str] = None,
        name: Optional[str] = None,
        security_headers_config: Optional[ResponseHeadersPolicySecurityHeadersConfigArgs] = None) -> ResponseHeadersPolicy
func GetResponseHeadersPolicy(ctx *Context, name string, id IDInput, state *ResponseHeadersPolicyState, opts ...ResourceOption) (*ResponseHeadersPolicy, error)
public static ResponseHeadersPolicy Get(string name, Input<string> id, ResponseHeadersPolicyState? state, CustomResourceOptions? opts = null)
public static ResponseHeadersPolicy get(String name, Output<String> id, ResponseHeadersPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Comment string

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

CorsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

CustomHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

Etag string

The current version of the response headers policy.

Name string

A unique name to identify the response headers policy.

SecurityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

Comment string

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

CorsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

CustomHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

Etag string

The current version of the response headers policy.

Name string

A unique name to identify the response headers policy.

SecurityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment String

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

corsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

customHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag String

The current version of the response headers policy.

name String

A unique name to identify the response headers policy.

securityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment string

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

corsConfig ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

customHeadersConfig ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag string

The current version of the response headers policy.

name string

A unique name to identify the response headers policy.

securityHeadersConfig ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment str

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

cors_config ResponseHeadersPolicyCorsConfigArgs

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

custom_headers_config ResponseHeadersPolicyCustomHeadersConfigArgs

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag str

The current version of the response headers policy.

name str

A unique name to identify the response headers policy.

security_headers_config ResponseHeadersPolicySecurityHeadersConfigArgs

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

comment String

A comment to describe the response headers policy. The comment cannot be longer than 128 characters.

corsConfig Property Map

A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.

customHeadersConfig Property Map

Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.

etag String

The current version of the response headers policy.

name String

A unique name to identify the response headers policy.

securityHeadersConfig Property Map

A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.

Supporting Types

ResponseHeadersPolicyCorsConfig

AccessControlAllowCredentials bool

A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

AccessControlAllowHeaders ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders

Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

AccessControlAllowMethods ResponseHeadersPolicyCorsConfigAccessControlAllowMethods

Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL

AccessControlAllowOrigins ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins

Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

OriginOverride bool

A Boolean value that determines how CloudFront behaves for the HTTP response header.

AccessControlExposeHeaders ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders

Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

AccessControlMaxAgeSec int

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

AccessControlAllowCredentials bool

A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

AccessControlAllowHeaders ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders

Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

AccessControlAllowMethods ResponseHeadersPolicyCorsConfigAccessControlAllowMethods

Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL

AccessControlAllowOrigins ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins

Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

OriginOverride bool

A Boolean value that determines how CloudFront behaves for the HTTP response header.

AccessControlExposeHeaders ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders

Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

AccessControlMaxAgeSec int

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

accessControlAllowCredentials Boolean

A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

accessControlAllowHeaders ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders

Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

accessControlAllowMethods ResponseHeadersPolicyCorsConfigAccessControlAllowMethods

Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL

accessControlAllowOrigins ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins

Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

originOverride Boolean

A Boolean value that determines how CloudFront behaves for the HTTP response header.

accessControlExposeHeaders ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders

Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

accessControlMaxAgeSec Integer

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

accessControlAllowCredentials boolean

A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

accessControlAllowHeaders ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders

Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

accessControlAllowMethods ResponseHeadersPolicyCorsConfigAccessControlAllowMethods

Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL

accessControlAllowOrigins ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins

Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

originOverride boolean

A Boolean value that determines how CloudFront behaves for the HTTP response header.

accessControlExposeHeaders ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders

Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

accessControlMaxAgeSec number

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

access_control_allow_credentials bool

A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

access_control_allow_headers ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders

Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

access_control_allow_methods ResponseHeadersPolicyCorsConfigAccessControlAllowMethods

Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL

access_control_allow_origins ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins

Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

origin_override bool

A Boolean value that determines how CloudFront behaves for the HTTP response header.

access_control_expose_headers ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders

Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

access_control_max_age_sec int

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

accessControlAllowCredentials Boolean

A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

accessControlAllowHeaders Property Map

Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

accessControlAllowMethods Property Map

Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL

accessControlAllowOrigins Property Map

Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

originOverride Boolean

A Boolean value that determines how CloudFront behaves for the HTTP response header.

accessControlExposeHeaders Property Map

Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

accessControlMaxAgeSec Number

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders

Items List<string>
Items []string
items List
items string[]
items Sequence[str]
items List

ResponseHeadersPolicyCorsConfigAccessControlAllowMethods

Items List<string>
Items []string
items List
items string[]
items Sequence[str]
items List

ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins

Items List<string>
Items []string
items List
items string[]
items Sequence[str]
items List

ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders

Items List<string>
Items []string
items List
items string[]
items Sequence[str]
items List

ResponseHeadersPolicyCustomHeadersConfig

ResponseHeadersPolicyCustomHeadersConfigItem

Header string

The HTTP response header name.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

Value string

The value for the HTTP response header.

Header string

The HTTP response header name.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

Value string

The value for the HTTP response header.

header String

The HTTP response header name.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

value String

The value for the HTTP response header.

header string

The HTTP response header name.

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

value string

The value for the HTTP response header.

header str

The HTTP response header name.

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

value str

The value for the HTTP response header.

header String

The HTTP response header name.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

value String

The value for the HTTP response header.

ResponseHeadersPolicySecurityHeadersConfig

ContentSecurityPolicy ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

ContentTypeOptions ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.

FrameOptions ResponseHeadersPolicySecurityHeadersConfigFrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.

ReferrerPolicy ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

StrictTransportSecurity ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.

XssProtection ResponseHeadersPolicySecurityHeadersConfigXssProtection

Determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

ContentSecurityPolicy ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

ContentTypeOptions ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.

FrameOptions ResponseHeadersPolicySecurityHeadersConfigFrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.

ReferrerPolicy ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

StrictTransportSecurity ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.

XssProtection ResponseHeadersPolicySecurityHeadersConfigXssProtection

Determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

contentSecurityPolicy ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

contentTypeOptions ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.

frameOptions ResponseHeadersPolicySecurityHeadersConfigFrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.

referrerPolicy ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

strictTransportSecurity ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.

xssProtection ResponseHeadersPolicySecurityHeadersConfigXssProtection

Determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

contentSecurityPolicy ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

contentTypeOptions ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.

frameOptions ResponseHeadersPolicySecurityHeadersConfigFrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.

referrerPolicy ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

strictTransportSecurity ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.

xssProtection ResponseHeadersPolicySecurityHeadersConfigXssProtection

Determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

content_security_policy ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

content_type_options ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.

frame_options ResponseHeadersPolicySecurityHeadersConfigFrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.

referrer_policy ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

strict_transport_security ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.

xss_protection ResponseHeadersPolicySecurityHeadersConfigXssProtection

Determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

contentSecurityPolicy Property Map

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

contentTypeOptions Property Map

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.

frameOptions Property Map

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.

referrerPolicy Property Map

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

strictTransportSecurity Property Map

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.

xssProtection Property Map

Determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy

ContentSecurityPolicy string

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

ContentSecurityPolicy string

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

contentSecurityPolicy String

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

contentSecurityPolicy string

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

content_security_policy str

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

contentSecurityPolicy String

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

ResponseHeadersPolicySecurityHeadersConfigFrameOptions

FrameOption string

The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

FrameOption string

The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

frameOption String

The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

frameOption string

The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

frame_option str

The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

frameOption String

The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

ReferrerPolicy string

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

ReferrerPolicy string

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

referrerPolicy String

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

referrerPolicy string

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

referrer_policy str

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

referrerPolicy String

The value of the Referrer-Policy HTTP response header. Valid Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url

ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity

AccessControlMaxAgeSec int

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

IncludeSubdomains bool

A Boolean value that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Preload bool

A Boolean value that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

AccessControlMaxAgeSec int

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

IncludeSubdomains bool

A Boolean value that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Preload bool

A Boolean value that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

accessControlMaxAgeSec Integer

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

includeSubdomains Boolean

A Boolean value that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

preload Boolean

A Boolean value that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

accessControlMaxAgeSec number

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

includeSubdomains boolean

A Boolean value that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

preload boolean

A Boolean value that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

access_control_max_age_sec int

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

include_subdomains bool

A Boolean value that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

preload bool

A Boolean value that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

accessControlMaxAgeSec Number

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

includeSubdomains Boolean

A Boolean value that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

preload Boolean

A Boolean value that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

ResponseHeadersPolicySecurityHeadersConfigXssProtection

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

Protection bool

A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

ModeBlock bool

A Boolean value that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

ReportUri string

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a report_uri when mode_block is true.

Override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

Protection bool

A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

ModeBlock bool

A Boolean value that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

ReportUri string

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a report_uri when mode_block is true.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

protection Boolean

A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

modeBlock Boolean

A Boolean value that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

reportUri String

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a report_uri when mode_block is true.

override boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

protection boolean

A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

modeBlock boolean

A Boolean value that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

reportUri string

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a report_uri when mode_block is true.

override bool

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

protection bool

A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

mode_block bool

A Boolean value that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

report_uri str

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a report_uri when mode_block is true.

override Boolean

A Boolean value that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

protection Boolean

A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

modeBlock Boolean

A Boolean value that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

reportUri String

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a report_uri when mode_block is true.

Import

Cloudfront Response Headers Policies can be imported using the id, e.g.

 $ pulumi import aws:cloudfront/responseHeadersPolicy:ResponseHeadersPolicy policy 658327ea-f89d-4fab-a63d-7e88639e58f9

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.