I would like to add x-frame-options as sameorigin to AWS CloudFront service that serving my application on S3 bucket.
I don't want add new Lambda function to edit requests header.
Actually I found a place under like Attached file:
CloudFront Distributions -> My Distribution settings -> Origins and Origin Groups -> S3 Content item that represent my app -> add Origin Custom Headers -> Header name: x-frame-options, Value :sameorigin
but when deployment going to finish still getting old headers in all related request on S3 bucket files and URL's.
How can I add to headers without any Lambda function just directly working with existing AWS CloudFront panel?
As of November 2021, Cloudfront now supports Response Headers Policies. This allows you to associate a policy with your distribution which defines additional response headers to be returned. If you don't want to use the full Security Headers canned policy, you could create a custom policy with just x-frame-options
.