diff --git a/.changeset/curly-trainers-shop.md b/.changeset/curly-trainers-shop.md
new file mode 100644
index 00000000..5865b194
--- /dev/null
+++ b/.changeset/curly-trainers-shop.md
@@ -0,0 +1,5 @@
+---
+"@codedazur/cdk-docker-cluster": minor
+---
+
+The AllViewer origin request policy is now used by default.
diff --git a/.changeset/five-needles-appear.md b/.changeset/five-needles-appear.md
new file mode 100644
index 00000000..636f5808
--- /dev/null
+++ b/.changeset/five-needles-appear.md
@@ -0,0 +1,5 @@
+---
+"@codedazur/cdk-static-site": minor
+---
+
+The S3 origin with CORS origin request policy is now used by default.
diff --git a/.changeset/rude-nails-jam.md b/.changeset/rude-nails-jam.md
new file mode 100644
index 00000000..a8e953a4
--- /dev/null
+++ b/.changeset/rude-nails-jam.md
@@ -0,0 +1,5 @@
+---
+"@codedazur/cdk-site-distribution": minor
+---
+
+It is now supported to provide a custom origin request policy.
diff --git a/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts b/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts
index da9b4903..164b8a15 100644
--- a/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts
+++ b/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts
@@ -3,7 +3,11 @@ import {
 SiteDistributionProps,
 } from "@codedazur/cdk-site-distribution";
 import { App } from "aws-cdk-lib";
-import { CachePolicy, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront";
+import {
+ CachePolicy,
+ OriginProtocolPolicy,
+ OriginRequestPolicy,
+} from "aws-cdk-lib/aws-cloudfront";
 import { LoadBalancerV2Origin } from "aws-cdk-lib/aws-cloudfront-origins";
 import { Platform } from "aws-cdk-lib/aws-ecr-assets";
 import {
@@ -125,8 +129,9 @@ export class DockerCluster extends Construct {
 /**
 * This retrieves the managed "UseOriginCacheControlHeaders-QueryStrings"
 * cache policy, which is designed for use with an origin that sends
- * Cache-Control headers with the object and includes query strings in the
- * cache key.
+ * Cache-Control headers with the object, which is recommended for use with
+ * an Application Load Balancer, and includes query strings in the cache
+ * key.
 */
 const cachePolicy = CachePolicy.fromCachePolicyId(
 this,
@@ -134,12 +139,25 @@ export class DockerCluster extends Construct {
 "4cc15a8a-d715-48a4-82b8-cc0b614638fe",
 );
 
+ /**
+ * This retrieves the managed "AllViewer" origin request policy, which
+ * includes all values (query strings, headers, and cookies) in the viewer
+ * request, which is recommended for use with an Application Load Balancer
+ * endpoint.
+ */
+ const originRequestPolicy = OriginRequestPolicy.fromOriginRequestPolicyId(
+ this,
+ "OriginRequestPolicy",
+ "216adef6-5c7f-47e4-b989-5492eafa07d3",
+ );
+
 return new SiteDistribution(this, "Distribution", {
 ...this.props.distribution,
 origin: new LoadBalancerV2Origin(this.service.loadBalancer, {
 protocolPolicy: OriginProtocolPolicy.HTTP_ONLY,
 }),
 cachePolicy,
+ originRequestPolicy,
 });
 }
 
diff --git a/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts b/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts
index 527e791c..3e145762 100644
--- a/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts
+++ b/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts
@@ -12,6 +12,7 @@ import {
 FunctionEventType,
 ICachePolicy,
 IOrigin,
+ IOriginRequestPolicy,
 PriceClass,
 ViewerProtocolPolicy,
 } from "aws-cdk-lib/aws-cloudfront";
@@ -42,6 +43,7 @@ export interface SiteDistributionProps {
 zone?: IHostedZone;
 };
 cachePolicy?: ICachePolicy;
+ originRequestPolicy?: IOriginRequestPolicy;
 invalidateCache?: boolean | string[];
 }
 
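Review bot: In the `@@ -134,12 +139,25 @@` hunk of DockerCluster.ts, `originRequestPolicy` (like `cachePolicy` before it) is listed after `...this.props.distribution`, so a policy the caller passes through `distribution` is silently replaced instead of the managed one acting as a default, which is what the changeset describes. That matters here because AllViewer forwards every viewer header, cookie and query string to the load balancer, and the origin in the same call uses `OriginProtocolPolicy.HTTP_ONLY`, so session cookies and `Authorization` headers now cross the CloudFront-to-ALB hop unencrypted and the caller apparently cannot narrow the policy. Consider `originRequestPolicy: this.props.distribution?.originRequestPolicy ?? originRequestPolicy,`, assuming the props type exposes that field. The enclosing method starts outside the hunk.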
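Review bot: The new `originRequestPolicy` prop in the `@@ -42,6 +43,7 @@` hunk of SiteDistribution.ts has no doc comment, and what is forwarded to the origin when it is left out is a security-relevant default worth stating. Suggested comment: `/** Origin request policy for the default behavior. When omitted, no policy is attached and CloudFront forwards only the values named in the cache policy. */`. The `@@ -294,6 +296,7 @@` hunk passes the value to `defaultBehavior` only, and the comment should say so if other behaviors exist outside the visible lines.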
@@ -294,6 +296,7 @@ export class SiteDistribution extends Construct {
 domainNames: this.domain ? [this.domain] : undefined,
 defaultBehavior: {
 origin: this.props.origin,
+ originRequestPolicy: this.props.originRequestPolicy,
 viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
 functionAssociations: [
 ...(this.functions.viewerRequest
diff --git a/packages/cdk-static-site/src/constructs/StaticSite.ts b/packages/cdk-static-site/src/constructs/StaticSite.ts
index 490bbf87..267c4250 100644
--- a/packages/cdk-static-site/src/constructs/StaticSite.ts
+++ b/packages/cdk-static-site/src/constructs/StaticSite.ts
@@ -3,7 +3,11 @@ import {
 SiteDistributionProps,
 } from "@codedazur/cdk-site-distribution";
 import { CfnOutput, RemovalPolicy } from "aws-cdk-lib";
-import { FunctionCode, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront";
+import {
+ FunctionCode,
+ OriginProtocolPolicy,
+ OriginRequestPolicy,
+} from "aws-cdk-lib/aws-cloudfront";
 import { HttpOrigin } from "aws-cdk-lib/aws-cloudfront-origins";
 import { AnyPrincipal, Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
 import { BlockPublicAccess, Bucket } from "aws-cdk-lib/aws-s3";
@@ -110,6 +114,7 @@ export class StaticSite extends Construct {
 Referer: this.refererSecret.secretValue.toString(),
 },
 }),
+ originRequestPolicy: OriginRequestPolicy.CORS_S3_ORIGIN,
 functions: {
 viewerRequest: [
 this.getAppendSlashCode(),
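Review bot: `OriginRequestPolicy.CORS_S3_ORIGIN` in the `@@ -110,6 +114,7 @@` hunk of StaticSite.ts makes the bucket's response depend on the viewer's `Origin` header, but no cache policy is set in the visible lines, so it is not clear that `Origin` is part of the cache key. If it is not, a response cached for one origin, or one cached without CORS headers, can be served to a different origin. A comment next to the policy such as `// Origin must also be in the cache key, or CORS responses are shared across origins`, or a cache policy that keys on `Origin`, would close that gap. Whether a caller-supplied `originRequestPolicy` can still override this value depends on where the props spread sits, which is outside the hunk.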