AWS::CloudFront::ResponseHeadersPolicy XSSProtection - Amazon CloudFormation

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.

For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection in the MDN Web Docs.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

    {
      "ModeBlock" : Boolean,
      "Override" : Boolean,
      "Protection" : Boolean,
      "ReportUri" : String
    }

YAML

    ModeBlock: Boolean
    Override: Boolean
    Protection: Boolean
    ReportUri: String

Properties

ModeBlock

A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

For more information about this directive, see X-XSS-Protection in the MDN Web Docs.

Required: No

Type: Boolean

Update requires: No interruption

Override

A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

Required: Yes

Type: Boolean

Update requires: No interruption

Protection

A Boolean that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

For more information about these settings, see X-XSS-Protection in the MDN Web Docs.

Required: Yes

Type: Boolean

Update requires: No interruption

ReportUri

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

You cannot specify a ReportUri when ModeBlock is true.

For more information about using a reporting URL, see X-XSS-Protection in the MDN Web Docs.

Required: No

Type: String

Update requires: No interruption
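
The following check is an added example, not part of the Amazon CloudFormation documentation. It validates an XSSProtection block against the rules above (required properties, and no ReportUri when ModeBlock is true) and builds the header value the block describes. The function names, the sample block, and the exact spacing of the rendered value are assumptions.

```python
import json

# Constructed sample: the XSSProtection block of a response headers policy.
SAMPLE = json.loads('{"Override": true, "Protection": true, "ModeBlock": true}')

REQUIRED = ("Override", "Protection")
BOOLEANS = ("ModeBlock", "Override", "Protection")


def check_xss_protection(block):
    """Return a list of problems found in an XSSProtection property block."""
    problems = []
    for key in REQUIRED:
        if key not in block:
            problems.append(f"{key} is required")
    # This sketch accepts only JSON true/false as Boolean values.
    for key in BOOLEANS:
        if key in block and not isinstance(block[key], bool):
            problems.append(f"{key} must be a Boolean")
    if "ReportUri" in block and not isinstance(block["ReportUri"], str):
        problems.append("ReportUri must be a String")
    # The constraint stated under ReportUri.
    if block.get("ModeBlock") is True and "ReportUri" in block:
        problems.append("ReportUri cannot be specified when ModeBlock is true")
    unknown = sorted(set(block) - set(BOOLEANS) - {"ReportUri"})
    problems.extend(f"unknown property {k}" for k in unknown)
    return problems


def render_header(block):
    """Build the X-XSS-Protection value the block describes, or raise ValueError."""
    problems = check_xss_protection(block)
    if problems:
        raise ValueError("; ".join(problems))
    if not block["Protection"]:
        return "0"  # assumption: no directives are appended to the value 0
    value = "1"
    if block.get("ModeBlock"):
        value += "; mode=block"
    if "ReportUri" in block:
        value += "; report=" + block["ReportUri"]
    return value


if __name__ == "__main__":
    print(render_header(SAMPLE))
```

Running the check in a template lint step catches the ModeBlock and ReportUri conflict before a stack update is attempted.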