
In my CloudFront distribution, under the behavior section, adding a security header doesn't work

0

Within the settings of my CloudFront distribution, edit behavior, I enabled "Response headers policy - optional" and set it to "Managed-CORS-with-preflight-and-SecurityHeadersPolicy", which allows all origins for CORS requests, including preflight requests, and adds security headers, including Strict-Transport-Security, set to max-age: 31536000 (seconds). However, upon testing, my browser indicates there is no security header detected, and it failed the HSTS test. Upon further testing, it appears that the header is empty.

  • I use multiple CDNs for my website. I indicate different host values (IP address for the domain name of my website) to test out different CDNs. Cloudflare's CDN is fine with HSTS, but as soon as I designate the IP to Amazon CloudFront servers, the HSTS and all security headers are missing.

1 Answer
2
Accepted Answer

Are you sure you are hitting the same behavior for which you configured the response header policy?

Perhaps you could try opening the developer tools (F12) in Chrome or another Chromium-based browser, opening the Network tab, enabling the "Disable cache" and "Preserve logs" options, and loading the site again. Find the request for the page or component that is triggering the error (which might also be specifically identified in an error message in the Console view of the developer tools), and check in its "response headers" properties that the response is actually coming from CloudFront and that the headers are really missing, rather than, for example, your origin specifying different values that are taking precedence over the defaults in the response header policy.

If your origin is specifying conflicting values for the headers, you can create a custom response header policy that explicitly overrides the headers received from the origin.

EXPERT
answered 2 years ago
EXPERT
reviewed a year ago
EXPERT
reviewed 2 years ago
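The check described in the answer can also be run over saved response headers (for example from `curl -sI`). This is an added example, not part of the original answer: it reports whether a response carries CloudFront's own headers (`X-Amz-Cf-Id`, a `Via` entry marked `(CloudFront)`) and whether Strict-Transport-Security is missing, matches the policy's 31536000, or carries another value. The function names and the header dumps are hypothetical and constructed for illustration.

```python
# Added example. The header dumps below are constructed, not captured traffic.
import re

def parse_headers(raw):
    """Map lower-cased header names to their values from a `curl -sI` style dump."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def served_by_cloudfront(headers):
    """CloudFront responses carry X-Amz-Cf-Id and a Via entry marked (CloudFront)."""
    via = " ".join(headers.get("via", [])).lower()
    return "x-amz-cf-id" in headers or "(cloudfront)" in via

def hsts_state(headers, expected_max_age=31536000):
    """Compare Strict-Transport-Security with the max-age the policy should set."""
    values = headers.get("strict-transport-security", [])
    if not values:
        return "missing"
    match = re.search(r"max-age\s*=\s*\"?(\d+)", values[0], re.IGNORECASE)
    if not match:
        return "malformed"
    return "as-policy" if int(match.group(1)) == expected_max_age else "other-value"

def diagnose(raw):
    """Return (came_from_cloudfront, hsts_state) for one response."""
    headers = parse_headers(raw)
    return served_by_cloudfront(headers), hsts_state(headers)

# Constructed samples: the three situations the answer distinguishes.
NO_POLICY = """HTTP/2 200
content-type: text/html
via: 1.1 0123456789abcdef.cloudfront.net (CloudFront)
x-amz-cf-id: CONSTRUCTED-EXAMPLE-ID
x-cache: Miss from cloudfront"""

ORIGIN_VALUE = NO_POLICY + "\nstrict-transport-security: max-age=300"

OTHER_CDN = """HTTP/2 200
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains"""

if __name__ == "__main__":
    for label, raw in [("no policy applied", NO_POLICY),
                       ("origin value kept", ORIGIN_VALUE),
                       ("not CloudFront", OTHER_CDN)]:
        print(label, diagnose(raw))
```

A result of `(True, 'missing')` points at a behavior without the policy attached, `(True, 'other-value')` at an origin header that the policy is not overriding, and `(False, ...)` at a response that never passed through CloudFront.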
