Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Please add a noindex option for Cognito Hosted UI / Managed Login

0

Hello AWS team,

I would like to suggest an improvement for Amazon Cognito Hosted UI / Managed Login.

When we use Cognito with a custom domain such as:

https://auth.example.com

the Hosted UI pages can potentially be indexed by search engines.

The problem is that, as far as I can tell, customers do not have a practical way to control indexing behavior for these pages.

For example, with Cognito Hosted UI / Managed Login, we cannot easily:

  • add a robots meta tag such as noindex, nofollow
  • return X-Robots-Tag: noindex, nofollow
  • serve a custom robots.txt for the Hosted UI domain

This is especially awkward because auth domains are not intended to be landing pages for search traffic. They are authentication endpoints. From a product and SEO perspective, indexing auth.example.com pages is usually undesirable.

My suggestion is one of the following:

  1. Add X-Robots-Tag: noindex, nofollow by default to Hosted UI / Managed Login pages
  2. Add a Cognito setting such as “Prevent search engine indexing”
  3. Allow limited response header or robots control for Hosted UI custom domains

I think option 1 would be the safest and most reasonable default, because authentication pages generally should not be indexed.

Right now, this feels like a gap in the product: customers can customize branding and domain setup, but they cannot handle a very basic indexing control for auth-only pages.

Would AWS consider adding this?

Thank you.

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito
Language
English
asked a month ago51 views
1 Answer
0

Thank you for your detailed feature request regarding search engine indexing control for Amazon Cognito's Hosted UI and Managed Login pages.

I understand your concern about authentication pages potentially being indexed by search engines when using custom domains. You're correct that currently, the customization options available for Managed Login and Hosted UI focus on visual branding rather than technical SEO controls.

The available customization methods include:

For Managed Login (available with Essentials plan or higher):

  • The branding editor, which is a no-code visual editor for managing login assets, styles, and display options
  • Custom background images and dark mode themes
  • Logo images and CSS styling

For Hosted UI (classic):

  • Modifying a CSS file with a fixed set of style options
  • Adding a custom logo image

These customization capabilities are designed to help you provide a consistent user experience between your authentication service and your application, but they don't currently extend to HTTP headers or robots.txt configuration.

Your suggestion about adding indexing controls—whether through default X-Robots-Tag headers, a configurable setting, or custom header support—addresses a legitimate gap in the current feature set. Authentication endpoints are indeed functional pages rather than content intended for search engine discovery.

I recommend submitting this feature request through official AWS channels such as AWS Support or the AWS feedback mechanisms, as product teams actively review customer feedback when planning feature enhancements. Your detailed use case and suggested implementation options would be valuable input for the product team to consider.
Sources
User pool managed login - Amazon Cognito
Essentials plan features - Amazon Cognito
Apply branding to managed login pages - Amazon Cognito

answered a month ago
EXPERT
reviewed a month ago
  • Akey Skywalker
    a month ago

    Thank you. Yes, that is exactly the gap I wanted to highlight.

    Branding customization is helpful, but it does not solve indexing control for authentication-only pages.

    My core point is simple: for Cognito Hosted UI / Managed Login under a custom auth domain, customers currently have no practical way to prevent search indexing.

    Also, this does not seem like a difficult feature to implement. In fact, I do not think this even needs to be optional.

    A very reasonable default would be to add noindex, nofollow to the Hosted UI pages themselves, for example through a robots meta tag or an X-Robots-Tag response header.

    Authentication pages are not meant to be search destinations. If a login URL gets indexed by Google and appears in search results, the people who get confused first are the search users themselves. It may not always look like a major operational issue for the service owner, but it is still a poor default behavior for an authentication endpoint.

    That is why I believe Cognito should handle this directly as part of the product, rather than leaving it entirely to customers who cannot actually control the Hosted UI response.

    I would strongly encourage the product team to consider the simplest improvement: add noindex, nofollow by default to Hosted UI / Managed Login pages.

    If there is already an official Cognito product feedback channel for this kind of request, I would appreciate a pointer.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content