Hi there,
There is a redirection to auth.ourdomain.com which also redirects to Google, Facebook and Microsoft in order to let user sign in via these accounts.
We are getting following error;
Missing OWASP Secure Headers: ["X-Content-Type-Options","Content-Security-Policy","Referrer-Policy"] for URL https://**.**.com/__/auth/handler?apiKey=****&appName=%5BDEFAULT%5D&authType=signInViaRedirect&providerId=google.com&scopes=profile
We can control our headers but we can no do same for google or facebooks auth windows
Do you have any suggestions?