ResponseHeadersPolicyXSSProtection
Determines whether CloudFront includes the X-XSS-Protection
HTTP response
header and the header's value.
For more information about the X-XSS-Protection
HTTP response header, see
X-XSS-Protection
Contents
- Override
-
A Boolean that determines whether CloudFront overrides the
X-XSS-Protection
HTTP response header received from the origin with the one specified in this response headers policy.Type: Boolean
Required: Yes
- Protection
-
A Boolean that determines the value of the
X-XSS-Protection
HTTP response header. When this setting istrue
, the value of theX-XSS-Protection
header is1
. When this setting isfalse
, the value of theX-XSS-Protection
header is0
.For more information about these settings, see X-XSS-Protection
in the MDN Web Docs. Type: Boolean
Required: Yes
- ModeBlock
-
A Boolean that determines whether CloudFront includes the
mode=block
directive in theX-XSS-Protection
header.For more information about this directive, see X-XSS-Protection
in the MDN Web Docs. Type: Boolean
Required: No
- ReportUri
-
A reporting URI, which CloudFront uses as the value of the
report
directive in theX-XSS-Protection
header.You cannot specify a
ReportUri
whenModeBlock
istrue
.For more information about using a reporting URL, see X-XSS-Protection
in the MDN Web Docs. Type: String
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: