AWS::CloudFront::ResponseHeadersPolicy StrictTransportSecurity - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::CloudFront::ResponseHeadersPolicy StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.

For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "AccessControlMaxAgeSec" : Integer, "IncludeSubdomains" : Boolean, "Override" : Boolean, "Preload" : Boolean }

YAML

AccessControlMaxAgeSec: Integer IncludeSubdomains: Boolean Override: Boolean Preload: Boolean

Properties

AccessControlMaxAgeSec

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Required: Yes

Type: Integer

Update requires: No interruption

IncludeSubdomains

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Required: No

Type: Boolean

Update requires: No interruption

Override

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.

Required: Yes

Type: Boolean

Update requires: No interruption

Preload

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

Required: No

Type: Boolean

Update requires: No interruption