This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::CloudFront::ResponseHeadersPolicy XSSProtection
Determines whether CloudFront includes the X-XSS-Protection HTTP response
header and the header's value.
For more information about the X-XSS-Protection HTTP response header, see
X-XSS-Protection
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "ModeBlock" :Boolean, "Override" :Boolean, "Protection" :Boolean, "ReportUri" :String}
YAML
ModeBlock:BooleanOverride:BooleanProtection:BooleanReportUri:String
Properties
ModeBlock-
A Boolean that determines whether CloudFront includes the
mode=blockdirective in theX-XSS-Protectionheader.For more information about this directive, see X-XSS-Protection
in the MDN Web Docs. Required: No
Type: Boolean
Update requires: No interruption
Override-
A Boolean that determines whether CloudFront overrides the
X-XSS-ProtectionHTTP response header received from the origin with the one specified in this response headers policy.Required: Yes
Type: Boolean
Update requires: No interruption
Protection-
A Boolean that determines the value of the
X-XSS-ProtectionHTTP response header. When this setting istrue, the value of theX-XSS-Protectionheader is1. When this setting isfalse, the value of theX-XSS-Protectionheader is0.For more information about these settings, see X-XSS-Protection
in the MDN Web Docs. Required: Yes
Type: Boolean
Update requires: No interruption
ReportUri-
A reporting URI, which CloudFront uses as the value of the
reportdirective in theX-XSS-Protectionheader.You cannot specify a
ReportUriwhenModeBlockistrue.For more information about using a reporting URL, see X-XSS-Protection
in the MDN Web Docs. Required: No
Type: String
Update requires: No interruption
