neotreat/http-security-headers-lambda-cloudfront.js

## http-security-headers-lambda-cloudfront.js
'use strict';

exports.handler = (event, context, callback) => {

    const response = event.Records[0].cf.response;
    const headers = response.headers;

    // Add security headers
    const securityHeaders = [
        [{
            'value': 'max-age=31536000',
            'key': 'Strict-Transport-Security'
        }],
        [{
            'value': 'deny',
            'key': 'X-Frame-Options'
        }],
        [{
            'value': '1; mode=block',
            'key': 'X-XSS-Protection'
        }],
        [{
            'value': 'nosniff',
            'key': 'X-Content-Type-Options'
        }],
        [{
            'value': 'strict-origin-when-cross-origin',
            'key': 'Referrer-Policy'
        }]
    ];

    // Add all headers of the array to the response object in the correct format
    for(let header of securityHeaders) {
       headers[header[0].key.toLowerCase()] = header;
    }

    callback(null, response);
};
	'use strict';

	exports.handler = (event, context, callback) => {

	const response = event.Records[0].cf.response;
	const headers = response.headers;

	// Add security headers
	const securityHeaders = [
	[{
	'value': 'max-age=31536000',
	'key': 'Strict-Transport-Security'
	}],
	[{
	'value': 'deny',
	'key': 'X-Frame-Options'
	}],
	[{
	'value': '1; mode=block',
	'key': 'X-XSS-Protection'
	}],
	[{
	'value': 'nosniff',
	'key': 'X-Content-Type-Options'
	}],
	[{
	'value': 'strict-origin-when-cross-origin',
	'key': 'Referrer-Policy'
	}]
	];

	// Add all headers of the array to the response object in the correct format
	for(let header of securityHeaders) {
	headers[header[0].key.toLowerCase()] = header;
	}

	callback(null, response);
	};