'How to remove https://optimizationguide-pa.googleapis.com call execution when the developed application runs?

I have run the OWASP ZAP tool to identify the vulnerability issues in my developed application using angular 10 and spring-boot. There I got Missing Anti-clickjacking Header vulnerability for the below URL.

https://optimizationguide-pa.googleapis.com/downloads?name=236676787&target=OPTIMIZATION_TARGET_LANGUAGE_DETECTION

I need to know how to fix this issue by stopping this call or by any other method.

angulartypescriptsecuritygoogle-apiowasp


Solution 1:[1]

maybe you can ignoring the alert, because it's a chrome-browser event https://groups.google.com/g/zaproxy-users/c/dUop7AuPFJQ

Solution 2:[2]

Same kind of behaviour on my side. I have found this talking about the subject:

https://support.google.com/chrome/thread/157884177/chrome-appearing-to-download-without-me-downloading-anything?hl=en

You can see chrome background downloads using: chrome://download-internals/

It seems there are options to prevent from downloading those files: https://bugs.chromium.org/p/chromium/issues/detail?id=1311753#c24 https://source.chromium.org/chromium/chromium/src/+/main:components/optimization_guide/core/optimization_guide_features.cc;l=85

add parameter "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 arfakh
Solution 2

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

How to show or hide contents of an aspx page based on current user's roles

protect images on webpage from being copied/saved?

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

SSL certificate error for IE users only

How to access HttpContext and Request in RequireAssersion?

Send Public key(generated as seckeyref in iPhone) to server(in Java)

The EXECUTE permission is denied on the user-defined table types?

cannot commit or push using egit (guess: issues with secure storage area)

Authorisation in microservices - how to approach domain object or entity level access control using ACL?

Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec

SSL Java java.io.IOException: Invalid keystore format

preventing abuse of API service usage

Protecting or Licensing a Django Application