-
Hi Ariel,
Thank you for the kind words and for this excellent catch — your attention to detail is exactly what makes our community so valuable!
You’re absolutely right that the phrasing “custom Request and Response Behavior” doesn’t precisely map to AWS’s actual feature name, which is “Response Headers Policy.” We’ve updated the wording of Option 4 to accurately reflect the correct AWS terminology. The changes will be reflected on the portal shortly.
The correct answer remains Option 4, as CloudFront’s built-in Response Headers Policy is the most suitable and straightforward solution for adding OWASP-recommended security headers — no Lambda@Edge code required.
Thanks again for helping us keep our content sharp. Keep the feedback coming, we’re glad you’re enjoying the questions! 😊
Best regards,
Irene @ Tutorials Dojo
