AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-04-01 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md

Summary

Added 'Hash-Algorithm' to the list of query parameters that cannot be used in original URLs when using signed URLs.

Security assessment

This change documents that 'Hash-Algorithm' is now a reserved query parameter for CloudFront signed URLs, preventing conflicts between user-defined parameters and CloudFront's signing mechanism. This is a preventive security measure to avoid parameter collision attacks.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md b/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md
index 06551abd9..50de32f37 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md
@@ -38,0 +39,2 @@ If you are not currently using signed URLs, and if your (unsigned) URLs contain
+  * `Hash-Algorithm`
+