You have a CloudFront distribution that has an S3 bucket as the origin. There is a requirement to add Security headers to the HTTP responses before they can be relayed back to the clients. How can you achieve this?

Answer options:

A.Change the Behaviour of the origin. Add a configuration for adding the security header.
B.Create a Lambda function that will run on the edge.
C.Make sure that the Viewer protocol is set to HTTPS.
D.Create an OAI for the Cloudfront distribution.

Answer – B
One of the AWS Blogs mentions the following.
Lambda@Edge provides the ability to execute a Lambda function at an Amazon CloudFront Edge Location. This capability enables intelligent processing of HTTP requests at locations that are close (for the purposes of latency) to your customers. To get started, you simply upload your code (Lambda function written in Node.js) and pick one of the CloudFront behaviors associated with your distribution.
All other options are incorrect since none of these will help meet the requirement.
For more information on adding security headers using Lambda@Edge, one can visit the below URL
https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/