ResponseHeadersPolicyStrictTransportSecurity - Amazon CloudFront
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ResponseHeadersPolicyStrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.

For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Contents

AccessControlMaxAgeSec

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

Type: Integer

Required: Yes

Override

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.

Type: Boolean

Required: Yes

IncludeSubdomains

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.

Type: Boolean

Required: No

Preload

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: