I used Universal Login with a custom database connection to my application authentication process.
It’s working as intented.
Now I run OWASP ZAP against my application and I got this security risk about auth0:
X-Content-Type-Options Header Missing
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ‘nosniff’. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
url => https:/domain.eu.auth0.com/usernamepassword/login
So question is how can I disable this url because I don’t think I need it for my login process