I have run the OWASP ZAP tool to identify the vulnerability issues in my developed application using angular 10 and spring-boot. There I got Missing Anti-clickjacking Header vulnerability for the below URL.
https://optimizationguide-pa.googleapis.com/downloads?name=236676787&target=OPTIMIZATION_TARGET_LANGUAGE_DETECTION
I need to know how to fix this issue by stopping this call or by any other method.
Same kind of behaviour on my side. I have found this talking about the subject:
https://support.google.com/chrome/thread/157884177/chrome-appearing-to-download-without-me-downloading-anything?hl=en
You can see chrome background downloads using: chrome://download-internals/
It seems there are options to prevent from downloading those files: https://bugs.chromium.org/p/chromium/issues/detail?id=1311753#c24 https://source.chromium.org/chromium/chromium/src/+/main:components/optimization_guide/core/optimization_guide_features.cc;l=85
add parameter "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With