How to set response headers in serverless.yml?


I have serverless API which is working with serverless framework version 1.25

Due to security reason I want to add response header. Please help me how can I set below headers via serverless.yml file. Is it necessary to add this header for the security reason?

• Content-Security-Policy: Include default-src ‘self’

• Strict-Transport-Security max-age=31536000; includeSubDomains; preload

• X-Content-Type-Options: nosniff

• X-XSS-Protection: 1

• Cache-Control: max- age=0; Expires=-1 or Expires: Fri, 01 Jan 1990 00:00:00 GMT; no-cache, must-revalidate

Below is my serverless application serverless.yaml


You can use Lambda Proxy Integration. based on the documentation, you need to create a function which will run when someone accesses your API endpoint.

As an example :

And in your serverless.yml

Leave a Reply