diff --git a/modules/cache-policy/README.md b/modules/cache-policy/README.md
index 86eb034..88a4187 100644
--- a/modules/cache-policy/README.md
+++ b/modules/cache-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |
 
 ## Modules
 
diff --git a/modules/cache-policy/versions.tf b/modules/cache-policy/versions.tf
index 16131a3..0c5b06a 100644
--- a/modules/cache-policy/versions.tf
+++ b/modules/cache-policy/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.5"
+  required_version = ">= 1.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.19"
     }
   }
 }
diff --git a/modules/origin-request-policy/README.md b/modules/origin-request-policy/README.md
index 5975388..b9cc4b7 100644
--- a/modules/origin-request-policy/README.md
+++ b/modules/origin-request-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |
 
 ## Modules
 
@@ -34,9 +34,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Origin Request Policy. | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
-| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/origin-request-policy/main.tf b/modules/origin-request-policy/main.tf
index c708dcb..7c9780c 100644
--- a/modules/origin-request-policy/main.tf
+++ b/modules/origin-request-policy/main.tf
@@ -31,7 +31,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
     cookie_behavior = local.behaviors[var.forwarding_cookies.behavior]
 
     dynamic "cookies" {
-      for_each = contains(["WHITELIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
+      for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
 
       content {
         items = cookies.value.items
@@ -42,7 +42,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
     header_behavior = local.behaviors[var.forwarding_headers.behavior]
 
     dynamic "headers" {
-      for_each = contains(["WHITELIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
+      for_each = contains(["WHITELIST", "BLACKLIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
 
       content {
         items = headers.value.items
@@ -53,7 +53,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
     query_string_behavior = local.behaviors[var.forwarding_query_strings.behavior]
 
     dynamic "query_strings" {
-      for_each = contains(["WHITELIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
+      for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
 
       content {
         items = query_strings.value.items
diff --git a/modules/origin-request-policy/variables.tf b/modules/origin-request-policy/variables.tf
index 4217175..43f66e1 100644
--- a/modules/origin-request-policy/variables.tf
+++ b/modules/origin-request-policy/variables.tf
@@ -13,8 +13,8 @@ variable "description" {
 variable "forwarding_cookies" {
   description = <<EOF
   (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.
-    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
-    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`.
+    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.
+    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -24,16 +24,16 @@ variable "forwarding_cookies" {
   nullable = false
 
   validation {
-    condition     = contains(["NONE", "WHITELIST", "ALL"], var.forwarding_cookies.behavior)
-    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, and `ALL`."
+    condition     = contains(["NONE", "WHITELIST", "ALL", "BLACKLIST"], var.forwarding_cookies.behavior)
+    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `ALL`, and `BLACKLIST`."
   }
 }
 
 variable "forwarding_headers" {
   description = <<EOF
   (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.
-    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
-    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
+    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
+    (Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -43,16 +43,16 @@ variable "forwarding_headers" {
   nullable = false
 
   validation {
-    condition     = contains(["NONE", "WHITELIST", "ALL_VIEWER", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior)
-    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`."
+    condition     = contains(["NONE", "WHITELIST", "BLACKLIST", "ALL_VIEWER", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior)
+    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`."
   }
 }
 
 variable "forwarding_query_strings" {
   description = <<EOF
   (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.
-    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
-    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`.
+    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
+    (Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -62,7 +62,7 @@ variable "forwarding_query_strings" {
   nullable = false
 
   validation {
-    condition     = contains(["NONE", "WHITELIST", "ALL"], var.forwarding_query_strings.behavior)
-    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, and `ALL`."
+    condition     = contains(["NONE", "WHITELIST", "BLACKLIST", "ALL"], var.forwarding_query_strings.behavior)
+    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `BLACKLIST`, and `ALL`."
   }
 }
diff --git a/modules/origin-request-policy/versions.tf b/modules/origin-request-policy/versions.tf
index 16131a3..0c5b06a 100644
--- a/modules/origin-request-policy/versions.tf
+++ b/modules/origin-request-policy/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.5"
+  required_version = ">= 1.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.19"
     }
   }
 }
diff --git a/modules/response-headers-policy/README.md b/modules/response-headers-policy/README.md
index ccb8f0a..9057eaf 100644
--- a/modules/response-headers-policy/README.md
+++ b/modules/response-headers-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |
 
 ## Modules
 
@@ -40,6 +40,7 @@ No modules.
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
 | <a name="input_frame_options_header"></a> [frame\_options\_header](#input\_frame\_options\_header) | (Optional) A configuration for `X-Frame-Options` header in HTTP responses sent from CloudFront. The `X-Frame-Options` HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a `<frame>`, `<iframe>`, `<embed>` or `<object>`. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. `frame_options_header` as defined below.<br>    (Optional) `enabled` - Whether to enable `X-Frame-Options` response header. Defaults to `false`.<br>    (Optional) `override` - Whether CloudFront overrides the `X-Frame-Options` response header with the header received from the origin. Defaults to `true`.<br>    (Optional) `value` - The value for the `X-Frame-Options` HTTP response header. Valid values are `DENY` or `SAMEORIGIN`.<br>      - `DENY`: The page cannot be displayed in a frame, regardless of the site attempting to do<br>      so.<br>      - `SAMEORIGIN`: The page can only be displayed if all ancestor frames are same origin to the page itself. | <pre>object({<br>    enabled  = optional(bool, false)<br>    override = optional(bool, true)<br>    value    = optional(string, "")<br>  })</pre> | `{}` | no |
 | <a name="input_referrer_policy_header"></a> [referrer\_policy\_header](#input\_referrer\_policy\_header) | (Optional) A configuration for `Referrer-Policy` header in HTTP responses sent from CloudFront. The `Referrer-Policy` HTTP header controls how much referrer information (sent with the `Referer` header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML. The original header name `Referer` is a misspelling of the word "referrer". The `Referrer-Policy` header does not share this misspelling. `referrer_policy_header` as defined below.<br>    (Optional) `enabled` - Whether to enable `Referrer-Policy` response header. Defaults to `false`.<br>    (Optional) `override` - Whether CloudFront overrides the `Referrer-Policy` response header with the header received from the origin. Defaults to `true`.<br>    (Optional) `value` - The value for the `Referrer-Policy` HTTP response header. Valid values are `no-referrer`, `no-referrer-when-downgrade`, `origin`, `origin-when-cross-origin`, `same-origin`, `strict-origin`, `strict-origin-when-cross-origin`, `unsafe-url`. Defaults to `strict-origin-when-cross-origin`.<br>    - `strict-origin-when-cross-origin`: Send the origin, path, and querystring when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS→HTTPS). Don't send the Referer header to less secure destinations (HTTPS→HTTP). | <pre>object({<br>    enabled  = optional(bool, false)<br>    override = optional(bool, true)<br>    value    = optional(string, "strict-origin-when-cross-origin")<br>  })</pre> | `{}` | no |
+| <a name="input_remove_headers"></a> [remove\_headers](#input\_remove\_headers) | (Optional) A set of HTTP headers to remove from the HTTP response. | `set(string)` | `[]` | no |
 | <a name="input_server_timing_header"></a> [server\_timing\_header](#input\_server\_timing\_header) | (Optional) A configuration for `Server-Timing` header in HTTP responses sent from CloudFront. This header can be used to view metrics for insights about CloudFront's behavior and performance. You can see which cache layer served a cache hit, the first byte latency from the origin when there was a cache miss. The metrics in the `Server-Timing` header can help you troubleshoot issues or test the efficiency of the CloudFront configuration. `server_timing_header` as defined below.<br>    (Optional) `enabled` - Whether to add the `Server-Timing` header in HTTP response that match a cache behavior associated with this response headers policy. Defaults to `false`.<br>    (Optional) `sampling_rate` - A number from 0 through 100 that specifies the percentage of responses that you want CloudFront to add the `Server-Timing` header to. When you set the sampling rate to `100`, CloudFront adds the `Server-Timing` header to the HTTP response for every request that matches the cache behavior that the response headers policy is attached to. Can have up to four decimal places like `9.9999`. | <pre>object({<br>    enabled       = optional(bool, false)<br>    sampling_rate = optional(number, 0)<br>  })</pre> | `{}` | no |
 | <a name="input_strict_transport_security_header"></a> [strict\_transport\_security\_header](#input\_strict\_transport\_security\_header) | (Optional) A configuration for `Strict-Transport-Security` header in HTTP responses sent from CloudFront. The HTTP `Strict-Transport-Security` response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Note: This is more secure than simply configuring a HTTP to HTTPS (301) redirect on your server, where the initial HTTP connection is still vulnerable to a man-in-the-middle attack. `strict_transport_security_header` as defined below.<br>    (Optional) `enabled` - Whether to enable `Strict-Transport-Security` response header. Defaults to `false`.<br>    (Optional) `override` - Whether CloudFront overrides the `Strict-Transport-Security` response header with the header received from the origin. Defaults to `true`.<br>    (Optional) `max_age` - The value for the `max-age` directive of this header. The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS. Defaults to `31536000` (365 days).<br>    (Optional) `include_subdomains` - Whether CloudFront includes the `includeSubDomains` directive in the value of this header. When this setting is `true`, this rule applies to all of the site's subdomains as well. Defaults to `false`.<br>    (Optional) `preload` - Whether CloudFront includes the `preload` directive in the header value. However, it is not part of the HSTS specification and should not be treated as official. Defaults to `false`. | <pre>object({<br>    enabled  = optional(bool, false)<br>    override = optional(bool, true)<br><br>    max_age            = optional(number, 60 * 60 * 24 * 365)<br>    include_subdomains = optional(bool, false)<br>    preload            = optional(bool, false)<br>  })</pre> | `{}` | no |
 | <a name="input_xss_protection_header"></a> [xss\_protection\_header](#input\_xss\_protection\_header) | Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.<br><br>  (Optional) A configuration for `X-XSS-Protection` header in HTTP responses sent from CloudFront. The HTTP `X-XSS-Protection` response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. These protections are largely unnecessary in modern browsers when sites implement a strong `Content-Security-Policy` that disables the use of inline JavaScript ('unsafe-inline'). `xss_protection_header` as defined below.<br>    (Optional) `enabled` - Whether to enable `X-XSS-Protection` response header. Defaults to `false`.<br>    (Optional) `override` - Whether CloudFront overrides the `X-XSS-Protection` response header with the header received from the origin. Defaults to `true`.<br>    (Optional) `filtering_enabled` - Whether to enable XSS filtering. The value of `X-XSS-Protection` will be set to `0` (XSS filtering is disabled) or `1` (XSS filtering is enabled). Defaults to `true`.<br>    (Optional) `block` - Whether to enable `block`, which determines whether CloudFront includes the `mode=block` directive in the header value. Defaults to `false`.<br>    (Optional) `report` - A reporting URI (in the `report` field), which determines whether CloudFront includes the `report='reporting URI'` directive in the header value. You can't specify a reporting URI when block is enabled. | <pre>object({<br>    enabled  = optional(bool, false)<br>    override = optional(bool, true)<br><br>    filtering_enabled = optional(bool, true)<br>    block             = optional(bool, false)<br>    report            = optional(string, "")<br>  })</pre> | `{}` | no |
@@ -54,6 +55,7 @@ No modules.
 | <a name="output_etag"></a> [etag](#output\_etag) | The current version of the response headers policy. |
 | <a name="output_id"></a> [id](#output\_id) | The identifier for the CloudFront response headers policy. |
 | <a name="output_name"></a> [name](#output\_name) | The name of the CloudFront response headers policy. |
+| <a name="output_remove_headers"></a> [remove\_headers](#output\_remove\_headers) | A set of HTTP headers to remove from the response headers. |
 | <a name="output_security_headers"></a> [security\_headers](#output\_security\_headers) | A configuration for several security-related HTTP response headers. |
 | <a name="output_server_timing_header"></a> [server\_timing\_header](#output\_server\_timing\_header) | A configuration for `Server-Timing` header in HTTP responses sent from CloudFront. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/response-headers-policy/main.tf b/modules/response-headers-policy/main.tf
index a856a87..ff14b38 100644
--- a/modules/response-headers-policy/main.tf
+++ b/modules/response-headers-policy/main.tf
@@ -45,14 +45,28 @@ resource "aws_cloudfront_response_headers_policy" "this" {
     }
   }
 
-  custom_headers_config {
+  dynamic "custom_headers_config" {
+    for_each = length(var.custom_headers) > 0 ? ["go"] : []
+
+    content {
+      dynamic "items" {
+        for_each = var.custom_headers
+
+        content {
+          header   = items.value.name
+          value    = items.value.value
+          override = items.value.override
+        }
+      }
+    }
+  }
+
+  remove_headers_config {
     dynamic "items" {
-      for_each = var.custom_headers
+      for_each = var.remove_headers
 
       content {
-        header   = items.value.name
-        value    = items.value.value
-        override = items.value.override
+        header = items.value
       }
     }
   }
diff --git a/modules/response-headers-policy/outputs.tf b/modules/response-headers-policy/outputs.tf
index 4337a87..98d3edf 100644
--- a/modules/response-headers-policy/outputs.tf
+++ b/modules/response-headers-policy/outputs.tf
@@ -25,7 +25,12 @@ output "cors" {
 
 output "custom_headers" {
   description = "A configuration for custom headers in the response headers."
-  value       = aws_cloudfront_response_headers_policy.this.custom_headers_config[0].items
+  value       = var.custom_headers
+}
+
+output "remove_headers" {
+  description = "A set of HTTP headers to remove from the response headers."
+  value       = toset(aws_cloudfront_response_headers_policy.this.remove_headers_config[0].items[*].header)
 }
 
 output "security_headers" {
diff --git a/modules/response-headers-policy/variables.tf b/modules/response-headers-policy/variables.tf
index d2c85d4..0d5b079 100644
--- a/modules/response-headers-policy/variables.tf
+++ b/modules/response-headers-policy/variables.tf
@@ -73,6 +73,15 @@ variable "custom_headers" {
   nullable = false
 }
 
+variable "remove_headers" {
+  description = <<EOF
+  (Optional) A set of HTTP headers to remove from the HTTP response.
+  EOF
+  type        = set(string)
+  default     = []
+  nullable    = false
+}
+
 # INFO: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 variable "content_security_policy_header" {
   description = <<EOF
diff --git a/modules/response-headers-policy/versions.tf b/modules/response-headers-policy/versions.tf
index 16131a3..0c5b06a 100644
--- a/modules/response-headers-policy/versions.tf
+++ b/modules/response-headers-policy/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.5"
+  required_version = ">= 1.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.19"
     }
   }
 }