java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.cloudfront.ResponseHeadersPolicy

All Implemented Interfaces:: IResponseHeadersPolicyRef, IEnvironmentAware, IResource, IResponseHeadersPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-13T16:10:00.614Z") @Stability(Stable) public class ResponseHeadersPolicy extends Resource implements IResponseHeadersPolicy

A Response Headers Policy configuration.

Example:

 // Using an existing managed response headers policy
 S3Origin bucketOrigin;
 Distribution.Builder.create(this, "myDistManagedPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS)
                 .build())
         .build();
 // Creating a custom response headers policy -- all parameters optional
 ResponseHeadersPolicy myResponseHeadersPolicy = ResponseHeadersPolicy.Builder.create(this, "ResponseHeadersPolicy")
         .responseHeadersPolicyName("MyPolicy")
         .comment("A default policy")
         .corsBehavior(ResponseHeadersCorsBehavior.builder()
                 .accessControlAllowCredentials(false)
                 .accessControlAllowHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlAllowMethods(List.of("GET", "POST"))
                 .accessControlAllowOrigins(List.of("*"))
                 .accessControlExposeHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlMaxAge(Duration.seconds(600))
                 .originOverride(true)
                 .build())
         .customHeadersBehavior(ResponseCustomHeadersBehavior.builder()
                 .customHeaders(List.of(ResponseCustomHeader.builder().header("X-Amz-Date").value("some-value").override(true).build(), ResponseCustomHeader.builder().header("X-Amz-Security-Token").value("some-value").override(false).build()))
                 .build())
         .securityHeadersBehavior(ResponseSecurityHeadersBehavior.builder()
                 .contentSecurityPolicy(ResponseHeadersContentSecurityPolicy.builder().contentSecurityPolicy("default-src https:;").override(true).build())
                 .contentTypeOptions(ResponseHeadersContentTypeOptions.builder().override(true).build())
                 .frameOptions(ResponseHeadersFrameOptions.builder().frameOption(HeadersFrameOption.DENY).override(true).build())
                 .referrerPolicy(ResponseHeadersReferrerPolicy.builder().referrerPolicy(HeadersReferrerPolicy.NO_REFERRER).override(true).build())
                 .strictTransportSecurity(ResponseHeadersStrictTransportSecurity.builder().accessControlMaxAge(Duration.seconds(600)).includeSubdomains(true).override(true).build())
                 .xssProtection(ResponseHeadersXSSProtection.builder().protection(true).modeBlock(false).reportUri("https://example.com/csp-report").override(true).build())
                 .build())
         .removeHeaders(List.of("Server"))
         .serverTimingSamplingRate(50)
         .build();
 Distribution.Builder.create(this, "myDistCustomPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(myResponseHeadersPolicy)
                 .build())
         .build();

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

ResponseHeadersPolicy.Builder

A fluent builder for ResponseHeadersPolicy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource
IResource.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.cloudfront.IResponseHeadersPolicy
IResponseHeadersPolicy.Jsii$Default, IResponseHeadersPolicy.Jsii$Proxy
Field Summary

Fields

Modifier and Type

Field

Description

static final IResponseHeadersPolicy

CORS_ALLOW_ALL_ORIGINS

Use this managed policy to allow simple CORS requests from any origin.

static final IResponseHeadersPolicy

CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS

Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.

static final IResponseHeadersPolicy

CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT

Use this managed policy to allow CORS requests from any origin, including preflight requests.

static final IResponseHeadersPolicy

CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS

Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.

static final String

PROPERTY_INJECTION_ID

Uniquely identifies this class.

static final IResponseHeadersPolicy

SECURITY_HEADERS

Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.
Constructor Summary

Constructors

Modifier

Constructor

Description

protected

ResponseHeadersPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

protected

ResponseHeadersPolicy(software.amazon.jsii.JsiiObjectRef objRef)

ResponseHeadersPolicy(software.constructs.Construct scope, String id)

ResponseHeadersPolicy(software.constructs.Construct scope, String id, ResponseHeadersPolicyProps props)
Method Summary

Modifier and Type

Method

Description

static IResponseHeadersPolicy

fromResponseHeadersPolicyId(software.constructs.Construct scope, String id, String responseHeadersPolicyId)

Import an existing Response Headers Policy from its ID.

String

getResponseHeadersPolicyId()

The ID of the response headers policy.

ResponseHeadersPolicyReference

getResponseHeadersPolicyRef()

A reference to a ResponseHeadersPolicy resource.

Methods inherited from class software.amazon.awscdk.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct
getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct
getNode

Methods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware
getEnv

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Field Details
- CORS_ALLOW_ALL_ORIGINS
  
  @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS
  
  Use this managed policy to allow simple CORS requests from any origin.
- CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS
  
  @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS
  
  Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.
- CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT
  
  @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT
  
  Use this managed policy to allow CORS requests from any origin, including preflight requests.
- CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS
  
  @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS
  
  Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.
- PROPERTY_INJECTION_ID
  
  @Stability(Stable) public static final String PROPERTY_INJECTION_ID
  
  Uniquely identifies this class.
- SECURITY_HEADERS
  
  @Stability(Stable) public static final IResponseHeadersPolicy SECURITY_HEADERS
  
  Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.
Constructor Details
- ResponseHeadersPolicy
  
  protected ResponseHeadersPolicy(software.amazon.jsii.JsiiObjectRef objRef)
- ResponseHeadersPolicy
  
  protected ResponseHeadersPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- ResponseHeadersPolicy
  
  @Stability(Stable) public ResponseHeadersPolicy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable ResponseHeadersPolicyProps props)
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
  
  props -
- ResponseHeadersPolicy
  
  @Stability(Stable) public ResponseHeadersPolicy(@NotNull software.constructs.Construct scope, @NotNull String id)
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
Method Details
- fromResponseHeadersPolicyId
  
  @Stability(Stable) @NotNull public static IResponseHeadersPolicy fromResponseHeadersPolicyId(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String responseHeadersPolicyId)
  
  Import an existing Response Headers Policy from its ID.
  
  Parameters:
  
  scope - This parameter is required.
  
  id - This parameter is required.
  
  responseHeadersPolicyId - This parameter is required.
- getResponseHeadersPolicyId
  
  @Stability(Stable) @NotNull public String getResponseHeadersPolicyId()
  
  The ID of the response headers policy.
  
  Specified by:
  
  getResponseHeadersPolicyId in interface IResponseHeadersPolicy
- getResponseHeadersPolicyRef
  
  @Stability(Stable) @NotNull public ResponseHeadersPolicyReference getResponseHeadersPolicyRef()
  
  A reference to a ResponseHeadersPolicy resource.
  
  Specified by:
  
  getResponseHeadersPolicyRef in interface IResponseHeadersPolicyRef

Class ResponseHeadersPolicy

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

Nested classes/interfaces inherited from interface software.constructs.IConstruct

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.cloudfront.IResponseHeadersPolicy

Field Summary

Constructor Summary

Method Summary

Methods inherited from class software.amazon.awscdk.Resource

Methods inherited from class software.constructs.Construct

Methods inherited from class software.amazon.jsii.JsiiObject

Methods inherited from class java.lang.Object

Methods inherited from interface software.constructs.IConstruct

Methods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Field Details

CORS_ALLOW_ALL_ORIGINS

CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS

CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT

CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS

PROPERTY_INJECTION_ID

SECURITY_HEADERS

Constructor Details

ResponseHeadersPolicy

ResponseHeadersPolicy

ResponseHeadersPolicy

ResponseHeadersPolicy

Method Details

fromResponseHeadersPolicyId

getResponseHeadersPolicyId

getResponseHeadersPolicyRef