We have to update HTTP header in auth0 hosted page for security enhancement.
Following things need to be updated.
- X-XSS-Protection
- X-Frame-Options
- X-Content-Type-Options
Hi there @mano, you should be able to edit the header directly on the Universal Login page from the dashboard in the section below. Please let me know if you have any questions or if I am miss understanding the request. I linked the Universal Login documentation for context as well. Thanks!
1 Like
We have already added those settings according to your guidelines that you have mentioned. But it hasn’t affected the main domain that we used. Can you please tell us following way that we used to add for the hosted page is correct or wrong? We have tested using the https://observatory.mozilla.org website. But it still shows without new settings.
Added the settings to header as follows.
I wanted to follow up @mano, can you clarify what is the difference between the main domain vs the universal login page. Where exactly are you seeing this behavior? Do you have a link you can share so we can dive into it further? Thanks in advance.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.