Which of the following approaches would meet this requirement?
Configure an Amazon Route 53 routing policy to send all web traffic that does not include the required headers to a black hole.
Implement an AWS Lambda@Edge origin response function that inserts the required headers.
Migrate the legacy application to an Amazon S3 static website and front it with an Amazon CloudFront distribution.
Construct an AWS WAF rule to replace existing HTTP headers with the required security headers by using regular expressions.
Explanations:
Configuring an Amazon Route 53 routing policy to send traffic without the required headers to a black hole does not actually add the security headers; it only drops traffic, which is not a practical solution for protecting the application.
Implementing an AWS Lambda@Edge origin response function can effectively modify the HTTP response to include the necessary security headers. This approach allows the engineer to add headers without changing the legacy application’s source code.
Migrating the legacy application to an Amazon S3 static website fronted by CloudFront is not a viable option if the application has dynamic content or requires server-side processing. In addition, this setup would not add the required headers unless specifically configured to do so, so the migration by itself does not address the requirement.
AWS WAF is a web application firewall and cannot modify HTTP headers directly in a way that replaces existing headers with new ones. While it can filter and block requests based on certain conditions, it does not serve the purpose of adding security headers to responses.
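
The Lambda@Edge origin response approach from the explanations, as an added example that is not part of the original question. The header names and values are assumptions (the required headers are not listed here), and addSecurityHeaders and sampleEvent are illustrative names.

```javascript
// Assumed header set: the question does not list the required headers,
// so these names and values are illustrative and should match your policy.
const SECURITY_HEADERS = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'same-origin',
  'Content-Security-Policy': "default-src 'self'",
};

// CloudFront represents headers as { '<lowercase-name>': [{ key, value }] }.
// Assigning the entry (rather than appending to it) replaces whatever the
// legacy origin sent, so a weak or duplicate value cannot survive.
function addSecurityHeaders(response) {
  const headers = response.headers || (response.headers = {});
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    headers[name.toLowerCase()] = [{ key: name, value }];
  }
  return response;
}

// Origin response trigger: runs after CloudFront receives the response from
// the origin and before the object is cached, so cached copies carry the
// headers and the legacy application's code is never touched.
const handler = async (event) =>
  addSecurityHeaders(event.Records[0].cf.response);

// Constructed sample event, trimmed to the fields the handler reads.
const sampleEvent = {
  Records: [{ cf: { response: {
    status: '200',
    statusDescription: 'OK',
    headers: {
      'content-type': [{ key: 'Content-Type', value: 'text/html' }],
      'x-frame-options': [{ key: 'X-Frame-Options', value: 'ALLOWALL' }],
    },
  } } }],
};

// Export for the Lambda runtime (CommonJS); skipped when no module object exists.
if (typeof module !== 'undefined') module.exports = { handler };
```

After deployment, `curl -sI` against the distribution should show each header exactly once, including on cache hits.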