Node 8
'use strict';
exports.handler = (event, context, callback) => {
//Get contents of response
const response = event.Records[0].cf.response;
const headers = response.headers;
//Set new headers
headers['strict-transport-security'] = [{key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload'}];
headers['content-security-policy'] = [{key: 'Content-Security-Policy', value: "default-src 'self' 'unsafe-inline' 'unsafe-eval'"}];
headers['x-content-type-options'] = [{key: 'X-Content-Type-Options', value: 'nosniff'}];
headers['x-frame-options'] = [{key: 'X-Frame-Options', value: 'DENY'}];
headers['x-xss-protection'] = [{key: 'X-XSS-Protection', value: '1; mode=block'}];
headers['referrer-policy'] = [{key: 'Referrer-Policy', value: 'same-origin'}];
headers['x-custom-header'] = [{key: 'X-Custom-Header', value: 'SH_V1'}];
headers['cache-control'] = [{key: 'Cache-Control', value: 'no-store'}];
headers['feature-policy'] = [{key: 'Feature-Policy', value: "microphone 'self'"}];
headers['expect-ct'] = [{key: 'Expect-CT', value: 'enforce, max-age=30'}];
//Return modified response
callback(null, response);
};