diff --git a/.github/workflows/commit-message-validator.yaml b/.github/workflows/commit-message-validator.yaml
index 19f9692..173ce0c 100644
--- a/.github/workflows/commit-message-validator.yaml
+++ b/.github/workflows/commit-message-validator.yaml
@@ -9,4 +9,4 @@ jobs:
 - uses: actions/checkout@v3
 with:
 fetch-depth: 0
- - uses: wagoid/commitlint-github-action@v4
+ - uses: wagoid/commitlint-github-action@v5
diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml
index f902125..f1cf0cb 100644
--- a/.github/workflows/megalinter.yaml
+++ b/.github/workflows/megalinter.yaml
@@ -26,7 +26,7 @@ jobs:
 DISABLE_LINTERS: TERRAFORM_TERRASCAN
 - name: Archive production artifacts
 if: ${{ success() }} || ${{ failure() }}
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
 with:
 name: MegaLinter reports
 path: |
diff --git a/README.md b/README.md
index 80b4858..cde5a95 100644
--- a/README.md
+++ b/README.md
@@ -126,6 +126,7 @@ Please be aware that this is mainly a copy operation which means all your curren
 |------|------|
 | [aws_cloudfront_cache_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_cache_policy) | resource |
 | [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
+| [aws_cloudfront_origin_request_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_request_policy) | resource |
 ## Inputs
diff --git a/main.tf b/main.tf
index 13b7270..c288935 100644
--- a/main.tf
+++ b/main.tf
@@ -28,7 +28,7 @@ resource "aws_cloudfront_cache_policy" "this" {
 enable_accept_encoding_gzip = true
 enable_accept_encoding_brotli = true
 cookies_config {
- cookie_behavior = "none"
+ cookie_behavior = "all"
 }
 headers_config {
 header_behavior = "none"
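Review bot: `cookie_behavior = "all"` in the cache policy's `cookies_config` puts every viewer cookie into the cache key, so any session or analytics cookie gives each visitor separate cache entries and the hit ratio drops sharply. If only specific cookies change the response, `cookie_behavior = "whitelist"` with a `cookies { items = [...] }` list keeps the key narrow. If none do, `"none"` remains the safer default; the behaviour targets `var.s3_origin_id`, which suggests an S3 origin that ignores cookies. A short comment above `cookies_config` stating why cookies are needed would help the next reader. The resource body starts and ends outside this hunk.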
@@ -39,6 +39,18 @@ resource "aws_cloudfront_cache_policy" "this" {
 }
 }
+resource "aws_cloudfront_origin_request_policy" "this" {
+ name = module.this_label.id
+ cookies_config {
+ cookie_behavior = "all"
+ }
+ headers_config {
+ header_behavior = "none"
+ }
+ query_strings_config {
+ query_string_behavior = "all"
+ }
+}
 #tfsec:ignore:AWS045
 resource "aws_cloudfront_distribution" "this" {
 origin {
@@ -65,13 +77,16 @@ resource "aws_cloudfront_distribution" "this" {
 default_root_object = var.default_root_object
 aliases = var.cloudfront_aliases
 default_cache_behavior {
- allowed_methods = var.allowed_methods
- cached_methods = var.cached_methods
- target_origin_id = var.s3_origin_id
- compress = true
- cache_policy_id = aws_cloudfront_cache_policy.this.id
- viewer_protocol_policy = var.viewer_protocol_policy
- min_ttl = var.cf_min_ttl
+ allowed_methods = var.allowed_methods
+ cached_methods = var.cached_methods
+ target_origin_id = var.s3_origin_id
+ compress = true
+ cache_policy_id = aws_cloudfront_cache_policy.this.id
+ origin_request_policy_id = aws_cloudfront_origin_request_policy.this.id
+ viewer_protocol_policy = var.viewer_protocol_policy
+ min_ttl = var.cf_min_ttl
+ max_ttl = var.cf_max_ttl
+ default_ttl = var.cf_default_ttl
 }
 price_class = var.cf_price_class
 viewer_certificate {
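Review bot: The new `aws_cloudfront_origin_request_policy.this` forwards all cookies and all query strings to the origin, so viewers' session cookies reach an origin that, judging by `var.s3_origin_id`, may be an S3 bucket with no use for them. `query_string_behavior = "all"` is only safe if the cache policy also keys on the query string, because a value forwarded to the origin but missing from the cache key lets a response generated for one viewer be served to others. The cache policy's `query_strings_config` is outside this diff, so confirm what it is set to. Prefer `"whitelist"` with explicit items, or expose both behaviours as module variables that default to `"none"`.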
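Review bot: `max_ttl` and `default_ttl` are added to `default_cache_behavior` next to `cache_policy_id`, but with a cache policy attached CloudFront takes its TTLs from the policy, so these behaviour-level fields likely have no effect; confirm against the provider documentation. If the intent is to bound how long objects stay cached, set `min_ttl`, `default_ttl` and `max_ttl` on `aws_cloudfront_cache_policy.this` from the same variables. `var.cf_max_ttl` and `var.cf_default_ttl` are not declared in the visible diff, and the README hunk adds no matching inputs, so check that `variables.tf` defines them. The `default_cache_behavior` block is complete in this hunk, but the enclosing resource is not.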