Using cloudfron functions to remove server header

[lpsm-dev]

I currently have a cloudfront that responds with the path /login/<client-A> and I would like to remove the server header from the response. It's possible?

I tried this code:

function handler(event) {
    var response = event.response;
    var headers = response.headers;

    headers['x-content-type-options'] = { value: 'nosniff'}; 
    headers['x-frame-options'] = {value: 'DENY'}; 
    headers['x-xss-protection'] = {value: '1; mode=block'};
    headers['referrer-policy'] = {value:  #'same-origin'};
    headers['server'] = {value: '*'};

    return response;
}

But it only worked when I accessed the cloudfront from the root path /:

With the path /login/<client> I got the following result, but it's not what I want:

[BilalAshfaq]

@ci-monk Were you able to figure this out? I am facing the same issue.

[lpsm-dev]

@ci-monk Were you able to figure this out? I am facing the same issue.

Hi @BilalAshfaq!

I was able to resolve this through this documentation:

• https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-http-security-headers/

[lpsm-dev]

Resolved!