Amazon CloudFront now supports configurable CORS, security, and custom HTTP response headers

Today, Amazon CloudFront is launching support for response headers policies. You can now add cross-origin resource sharing (CORS), security, and custom headers to HTTP responses returned by your CloudFront distributions. You no longer need to configure your origins or use custom Lambda@Edge or CloudFront functions to insert these headers. 

Source:: Amazon AWS