--- title: Getting Started with Datadog description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog --- # aws_cloudfront_response_headers_policy{% #aws_cloudfront_response_headers_policy %} ## `account_id`{% #account_id %} **Type**: `STRING` ## `e_tag`{% #e_tag %} **Type**: `STRING`**Provider name**: `ETag`**Description**: The version identifier for the current version of the response headers policy. ## `response_headers_policy`{% #response_headers_policy %} **Type**: `STRUCT`**Provider name**: `ResponseHeadersPolicy`**Description**: Contains a response headers policy. - `id`**Type**: `STRING`**Provider name**: `Id`**Description**: The identifier for the response headers policy. - `last_modified_time`**Type**: `TIMESTAMP`**Provider name**: `LastModifiedTime`**Description**: The date and time when the response headers policy was last modified. - `response_headers_policy_config`**Type**: `STRUCT`**Provider name**: `ResponseHeadersPolicyConfig`**Description**: A response headers policy configuration. - `comment`**Type**: `STRING`**Provider name**: `Comment`**Description**: A comment to describe the response headers policy. The comment cannot be longer than 128 characters. - `cors_config`**Type**: `STRUCT`**Provider name**: `CorsConfig`**Description**: A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). - `access_control_allow_credentials`**Type**: `BOOLEAN`**Provider name**: `AccessControlAllowCredentials`**Description**: A Boolean that CloudFront uses as the value for the `Access-Control-Allow-Credentials` HTTP response header. For more information about the `Access-Control-Allow-Credentials` HTTP response header, see [Access-Control-Allow-Credentials](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) in the MDN Web Docs. - `access_control_allow_headers`**Type**: `STRUCT`**Provider name**: `AccessControlAllowHeaders`**Description**: A list of HTTP header names that CloudFront includes as values for the `Access-Control-Allow-Headers` HTTP response header. For more information about the `Access-Control-Allow-Headers` HTTP response header, see [Access-Control-Allow-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs. - `items`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `Items`**Description**: The list of HTTP header names. You can specify `*` to allow all headers. - `quantity`**Type**: `INT32`**Provider name**: `Quantity`**Description**: The number of HTTP header names in the list. - `access_control_allow_methods`**Type**: `STRUCT`**Provider name**: `AccessControlAllowMethods`**Description**: A list of HTTP methods that CloudFront includes as values for the `Access-Control-Allow-Methods` HTTP response header. For more information about the `Access-Control-Allow-Methods` HTTP response header, see [Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs. - `items`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `Items`**Description**: The list of HTTP methods. Valid values are: - `GET` - `DELETE` - `HEAD` - `OPTIONS` - `PATCH` - `POST` - `PUT` - `ALL` `ALL` is a special value that includes all of the listed HTTP methods. - `quantity`**Type**: `INT32`**Provider name**: `Quantity`**Description**: The number of HTTP methods in the list. - `access_control_allow_origins`**Type**: `STRUCT`**Provider name**: `AccessControlAllowOrigins`**Description**: A list of origins (domain names) that CloudFront can use as the value for the `Access-Control-Allow-Origin` HTTP response header. For more information about the `Access-Control-Allow-Origin` HTTP response header, see [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs. - `items`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `Items`**Description**: The list of origins (domain names). You can specify `*` to allow all origins. - `quantity`**Type**: `INT32`**Provider name**: `Quantity`**Description**: The number of origins in the list. - `access_control_expose_headers`**Type**: `STRUCT`**Provider name**: `AccessControlExposeHeaders`**Description**: A list of HTTP headers that CloudFront includes as values for the `Access-Control-Expose-Headers` HTTP response header. For more information about the `Access-Control-Expose-Headers` HTTP response header, see [Access-Control-Expose-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs. - `items`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `Items`**Description**: The list of HTTP headers. You can specify `*` to expose all headers. - `quantity`**Type**: `INT32`**Provider name**: `Quantity`**Description**: The number of HTTP headers in the list. - `access_control_max_age_sec`**Type**: `INT32`**Provider name**: `AccessControlMaxAgeSec`**Description**: A number that CloudFront uses as the value for the `Access-Control-Max-Age` HTTP response header. For more information about the `Access-Control-Max-Age` HTTP response header, see [Access-Control-Max-Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) in the MDN Web Docs. - `origin_override`**Type**: `BOOLEAN`**Provider name**: `OriginOverride`**Description**: A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy. - `custom_headers_config`**Type**: `STRUCT`**Provider name**: `CustomHeadersConfig`**Description**: A configuration for a set of custom HTTP response headers. - `items`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `Items`**Description**: The list of HTTP response headers and their values. - `header`**Type**: `STRING`**Provider name**: `Header`**Description**: The HTTP response header name. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here. - `value`**Type**: `STRING`**Provider name**: `Value`**Description**: The value for the HTTP response header. - `quantity`**Type**: `INT32`**Provider name**: `Quantity`**Description**: The number of HTTP response headers in the list. - `name`**Type**: `STRING`**Provider name**: `Name`**Description**: A name to identify the response headers policy. The name must be unique for response headers policies in this Amazon Web Services account. - `remove_headers_config`**Type**: `STRUCT`**Provider name**: `RemoveHeadersConfig`**Description**: A configuration for a set of HTTP headers to remove from the HTTP response. - `items`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `Items`**Description**: The list of HTTP header names. - `header`**Type**: `STRING`**Provider name**: `Header`**Description**: The HTTP header name. - `quantity`**Type**: `INT32`**Provider name**: `Quantity`**Description**: The number of HTTP header names in the list. - `security_headers_config`**Type**: `STRUCT`**Provider name**: `SecurityHeadersConfig`**Description**: A configuration for a set of security-related HTTP response headers. - `content_security_policy`**Type**: `STRUCT`**Provider name**: `ContentSecurityPolicy`**Description**: The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. For more information about the `Content-Security-Policy` HTTP response header, see [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs. - `content_security_policy`**Type**: `STRING`**Provider name**: `ContentSecurityPolicy`**Description**: The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides the `Content-Security-Policy` HTTP response header received from the origin with the one specified in this response headers policy. - `content_type_options`**Type**: `STRUCT`**Provider name**: `ContentTypeOptions`**Description**: Determines whether CloudFront includes the `X-Content-Type-Options` HTTP response header with its value set to `nosniff`. For more information about the `X-Content-Type-Options` HTTP response header, see [X-Content-Type-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides the `X-Content-Type-Options` HTTP response header received from the origin with the one specified in this response headers policy. - `frame_options`**Type**: `STRUCT`**Provider name**: `FrameOptions`**Description**: Determines whether CloudFront includes the `X-Frame-Options` HTTP response header and the header's value. For more information about the `X-Frame-Options` HTTP response header, see [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs. - `frame_option`**Type**: `STRING`**Provider name**: `FrameOption`**Description**: The value of the `X-Frame-Options` HTTP response header. Valid values are `DENY` and `SAMEORIGIN`. For more information about these values, see [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides the `X-Frame-Options` HTTP response header received from the origin with the one specified in this response headers policy. - `referrer_policy`**Type**: `STRUCT`**Provider name**: `ReferrerPolicy`**Description**: Determines whether CloudFront includes the `Referrer-Policy` HTTP response header and the header's value. For more information about the `Referrer-Policy` HTTP response header, see [Referrer-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides the `Referrer-Policy` HTTP response header received from the origin with the one specified in this response headers policy. - `referrer_policy`**Type**: `STRING`**Provider name**: `ReferrerPolicy`**Description**: The value of the `Referrer-Policy` HTTP response header. Valid values are: - `no-referrer` - `no-referrer-when-downgrade` - `origin` - `origin-when-cross-origin` - `same-origin` - `strict-origin` - `strict-origin-when-cross-origin` - `unsafe-url` For more information about these values, see [Referrer-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs. - `strict_transport_security`**Type**: `STRUCT`**Provider name**: `StrictTransportSecurity`**Description**: Determines whether CloudFront includes the `Strict-Transport-Security` HTTP response header and the header's value. For more information about the `Strict-Transport-Security` HTTP response header, see [Security headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#understanding-response-headers-policies-security) in the Amazon CloudFront Developer Guide and [Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs. - `access_control_max_age_sec`**Type**: `INT32`**Provider name**: `AccessControlMaxAgeSec`**Description**: A number that CloudFront uses as the value for the `max-age` directive in the `Strict-Transport-Security` HTTP response header. - `include_subdomains`**Type**: `BOOLEAN`**Provider name**: `IncludeSubdomains`**Description**: A Boolean that determines whether CloudFront includes the `includeSubDomains` directive in the `Strict-Transport-Security` HTTP response header. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides the `Strict-Transport-Security` HTTP response header received from the origin with the one specified in this response headers policy. - `preload`**Type**: `BOOLEAN`**Provider name**: `Preload`**Description**: A Boolean that determines whether CloudFront includes the `preload` directive in the `Strict-Transport-Security` HTTP response header. - `xss_protection`**Type**: `STRUCT`**Provider name**: `XSSProtection`**Description**: Determines whether CloudFront includes the `X-XSS-Protection` HTTP response header and the header's value. For more information about the `X-XSS-Protection` HTTP response header, see [X-XSS-Protection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. - `mode_block`**Type**: `BOOLEAN`**Provider name**: `ModeBlock`**Description**: A Boolean that determines whether CloudFront includes the `mode=block` directive in the `X-XSS-Protection` header. For more information about this directive, see [X-XSS-Protection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. - `override`**Type**: `BOOLEAN`**Provider name**: `Override`**Description**: A Boolean that determines whether CloudFront overrides the `X-XSS-Protection` HTTP response header received from the origin with the one specified in this response headers policy. - `protection`**Type**: `BOOLEAN`**Provider name**: `Protection`**Description**: A Boolean that determines the value of the `X-XSS-Protection` HTTP response header. When this setting is `true`, the value of the `X-XSS-Protection` header is `1`. When this setting is `false`, the value of the `X-XSS-Protection` header is `0`. For more information about these settings, see [X-XSS-Protection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. - `report_uri`**Type**: `STRING`**Provider name**: `ReportUri`**Description**: A reporting URI, which CloudFront uses as the value of the `report` directive in the `X-XSS-Protection` header. You cannot specify a `ReportUri` when `ModeBlock` is `true`. For more information about using a reporting URL, see [X-XSS-Protection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. - `server_timing_headers_config`**Type**: `STRUCT`**Provider name**: `ServerTimingHeadersConfig`**Description**: A configuration for enabling the `Server-Timing` header in HTTP responses sent from CloudFront. - `enabled`**Type**: `BOOLEAN`**Provider name**: `Enabled`**Description**: A Boolean that determines whether CloudFront adds the `Server-Timing` header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy. - `sampling_rate`**Type**: `DOUBLE`**Provider name**: `SamplingRate`**Description**: A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the `Server-Timing` header to. When you set the sampling rate to 100, CloudFront adds the `Server-Timing` header to the HTTP response for every request that matches the cache behavior that this response headers policy is attached to. When you set it to 50, CloudFront adds the header to 50% of the responses for requests that match the cache behavior. You can set the sampling rate to any number 0–100 with up to four decimal places. ## `tags`{% #tags %} **Type**: `UNORDERED_LIST_STRING`