DEV Community

Cover image for Get started with CloudFront - Part 3: Response Headers and Cache Behavior
Van Hoang Kha for AWS Community Builders

Posted on • Updated on

Get started with CloudFront - Part 3: Response Headers and Cache Behavior

Table of Content

  1. Response Headers
  2. Cache Behavior

1. Response Headers

In this section, you will configure the security headers in the S3 response returned by your Distribution CloudFront. You don't need to configure your origin or use Lambda@Edge or CloudFront custom functions to insert these headers. Amazon CloudFront now supports configurable response headers.

Go to the AWS Management Console and select the CloudFront service.

  • Select the Distributions tab and select your Distributions ID.
  • In the Behaviors tab, select Default(*) behavior and click the Edit button.

Image description

In the "Cache key and origin requests" section, under "Response headers policy - optional", open the drop-down list to see a list of options. Select "Security headers" and click the "Save changes" button.

  • This step will set up a response policy that matches the security header you added in the previous step. When requests come to CloudFront, security headers are inserted into the S3 response from your Distribution. This helps to protect your website from various attacks.

Image description

Update the Inbound rule of the security group, change MyIP to Anywhere

Image description

This Management Response Policy will add a set of security headers to all responses that CloudFront sends to viewers. For more information about these security headers, see Mozilla's web security guide.

  • With this response policy, CloudFront will add X-Content-Type-Options: nosniff to all responses, regardless of whether the response CloudFront receives from Origin contains this header. For all other headers in this policy, if the response CloudFront receives from Origin contains that header, CloudFront uses the header received (and its value) in its response to its viewers. , instead of using the header in this policy.

Image description

Return to your site with your CloudFront URL (eg, open your browser's developer tools and check the response headers sent by CloudFront. Security headers added using the response policy that you have configured will be listed in the "Response Headers" section of the response.

Image description

  • You learned how to create a Distribution with multiple origins and multiple behaviors to serve static content and forward dynamic content API to your origin.

  • You learned how to set up an origin group to provide rerouting in the event of a problem.

  • You also learned how to set up a custom error page and disable content on the fly.

  • Finally, you learned about some important CloudFront headers for debugging and how to add a response policy to the response.

Cache Behavior

In this section, you will create a new Cache Behavior in the CloudFront distribution you created. You will use this Cache Behavior to connect the Lambda@Edge function that you will write.

  • Go to the CloudFront dashboard and select the distribution you created in Part 1.

  • Go to "Cache Behaviors" tab and click "Create Behavior"

Image description

Make the following configuration:

  • Path : "/serverless"

  • Origin:

Image description

Cache Policy: “Managed-CachingDisabled”

  • Origin Request Policy: “Managed-AllViewer”

  • Leave all other settings at default values.

Image description

Click “Create”

Image description

Finish creating the new Cache Behavior.

Image description

The following sections

Get started with CloudFront - Part 1: CloudFront Distribution

Get started with CloudFront - Part 2: Distribution Invalidations

Get started with CloudFront - Part 3: Response Headers and Cache Behavior

Get started with CloudFront - Part 4: Lambda@Edge function

Top comments (0)