Do not let your CDN betray you: Use Subresource Integrity
<script src="https://code.jquery.com/jquery-2.1.4.min.js" integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC" crossorigin="anonymous"></script>
Preventing Amazon Cloudfront hotlinking
- Go to CloudFront settings
- Edit Distributions settings for a distribution
- Go to the Behaviors tab and edit or create a behavior
- Set Forward Headers to Whitelist
- Add Referer as a whitelisted header
- Save the settings in the bottom right corner
Make sure to also handle the Referer header on your origin.
Cloudfront cache-control headers missing
To do this, I have the following in my htaccess file ..
Header unset Pragma FileETag none Header unset ETag <FilesMatch "(.*)\.(ico|jpg|jpeg|png|gif|js|css|swf)$"> ExpiresActive on ExpiresDefault "access plus 1 year" Header set Cache-Control "max-age=1864000, public" Header unset Last-Modified </FilesMatch>