X-Content-Type-Options Header Missing

dker · April 29, 2020, 12:09pm

Hi,
I used Universal Login with a custom database connection to my application authentication process.
It’s working as intented.
Now I run OWASP ZAP against my application and I got this security risk about auth0:

X-Content-Type-Options Header Missing

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ‘nosniff’. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

url => https:/domain.eu.auth0.com/usernamepassword/login

So question is how can I disable this url because I don’t think I need it for my login process

Topic		Replies	Views
Universal Login response headers not compliant (X-XSS-Protection) Product Feedback auth0 , login , universal-login , security-risk , response-headers	1	71	December 30, 2024
Is there anyway to update HTTP header in auth0 hosted page? Get Help auth0	4	3909	February 23, 2019
Auth0 New Universal Login Missing Some Security Headers Knowledge Articles new-universal-login , missing , security-headers	1	323	May 20, 2024
Cannot view the auth0 support page https://support.auth0.com Get Help ticket-management , support-center	9	718	April 26, 2024
Clickjacking Attacks and How to Prevent Them Blog Discussions	10	3315	April 29, 2024

X-Content-Type-Options Header Missing

Related topics