Auth0 Home Blog Docs

Unable to enhance security

auth0
#1

I have prepared a web site by using auth0 hosted page and i need a security certificate for that web site.
I have been checked by https://observatory.mozilla.org and got it failed.

image

  1. What are the changers i should do to get it pass
#2

@ishangihan2,

Did you have a question? I’m not sure what this image is in reference to.

#4

Hey there @ishangihan2, we’d be happy to help in any way we can but just need a little more context. Are you running into an error or unable to complete a certain task? Meanwhile I will look into these test scores and see what I can find with our team. Thanks!

#5

I have updated reference. Can you check it please?

#6

Hello @ishangihan2,

I don’t believe any of the failed tests are related to Auth0. Auth0 provides authentication and authorization services, not general purpose web application security. Things like a Content Security Policy and HSTS are features you need to provide by other means.

I would suggest you consider Cloudflare. Cloudflare’s service mitigates many of the failed tests in the screencap you provided, though some of them you still need to deal with within your site’s code.

1 Like
#7

Still, the security certificate got failed. This is not solved.

#8

When you mention:

I believe you are referring to the SSL cert.

After confirming with support, if you are leveraging a custom domain we do provide a SSL cert. However if you are using the Auth0 domain, it will use a wildcard cert of *.auth0.com. I hope this provides some insight.

closed #9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.