aws-cdk-lib.aws_cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty

interface XSSProtectionProperty

LanguageType name
.NETAmazon.CDK.AWS.CloudFront.CfnResponseHeadersPolicy.XSSProtectionProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#CfnResponseHeadersPolicy_XSSProtectionProperty
Javasoftware.amazon.awscdk.services.cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty
Pythonaws_cdk.aws_cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty
TypeScript aws-cdk-lib » aws_cloudfront » CfnResponseHeadersPolicy » XSSProtectionProperty

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.

For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection in the MDN Web Docs.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_cloudfront as cloudfront } from 'aws-cdk-lib';
const xSSProtectionProperty: cloudfront.CfnResponseHeadersPolicy.XSSProtectionProperty = {
  override: false,
  protection: false,

  // the properties below are optional
  modeBlock: false,
  reportUri: 'reportUri',
};

Properties

NameTypeDescription
overrideboolean | IResolvableA Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
protectionboolean | IResolvableA Boolean that determines the value of the X-XSS-Protection HTTP response header.
modeBlock?boolean | IResolvableA Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
reportUri?stringA reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

override

Type: boolean | IResolvable

A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.


protection

Type: boolean | IResolvable

A Boolean that determines the value of the X-XSS-Protection HTTP response header.

When this setting is true , the value of the X-XSS-Protection header is 1 . When this setting is false , the value of the X-XSS-Protection header is 0 .

For more information about these settings, see X-XSS-Protection in the MDN Web Docs.


modeBlock?

Type: boolean | IResolvable (optional)

A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

For more information about this directive, see X-XSS-Protection in the MDN Web Docs.


reportUri?

Type: string (optional)

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

You cannot specify a ReportUri when ModeBlock is true .

For more information about using a reporting URL, see X-XSS-Protection in the MDN Web Docs.