Lambda@Edge function for setting HSTS header for Cloudfront+S3 sites

## README.md

      
        

          Raw
        
        
          
            
          
          
            
              README.md
            
          
        
      
    
  
    Set this up as an "Origin Response" Cloudfront Trigger.

  

  

## index.js
exports.handler = async(event, context) => {
  const response = event.Records[0].cf.response;
  const headers = response.headers;

  // If you can, include "includeSubdomains" and "preload"
  // headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload' }];

  // Otherwise...
  headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000' }];

  return response;
};
	exports.handler = async(event, context) => {
	const response = event.Records[0].cf.response;
	const headers = response.headers;

	// If you can, include "includeSubdomains" and "preload"
	// headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload' }];

	// Otherwise...
	headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000' }];

	return response;
	};