diff --git a/changelog.md b/changelog.md
index ba8a37f..832e873 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,8 @@
+## Version 0.10.4
+ - Encode OpenID .well-known to JSON
+ - Fix incompatibility with other apps using .well-known
+ - Secure the OpenID routes that missed the hardening
+
 ## Version 0.10.3
  - Add missing Constellation logs when creating certs
  - Ignore empty links in cosmos-compose
diff --git a/package.json b/package.json
index d22d927..aa2ef6f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cosmos-server",
-  "version": "0.10.3",
+  "version": "0.10.4-unstable",
   "description": "",
   "main": "test-server.js",
   "bugs": {
diff --git a/src/authorizationserver/oauth2.go b/src/authorizationserver/oauth2.go
index 5c6f98b..70b7d34 100644
--- a/src/authorizationserver/oauth2.go
+++ b/src/authorizationserver/oauth2.go
@@ -86,8 +86,11 @@ func RegisterHandlers(wellKnown *mux.Router, userRouter *mux.Router, serverRoute
 	serverRouter.HandleFunc("/introspect", introspectionEndpoint)
 
 	// public endpoints
-	wellKnown.HandleFunc("/openid-configuration", discoverEndpoint)
-	wellKnown.HandleFunc("/jwks.json", jwksEndpoint)
+	// set well-known endpoints to be json encoded
+	wellKnown.Use(utils.AcceptHeader("application/json"))
+
+	wellKnown.HandleFunc("/.well-known/openid-configuration", discoverEndpoint)
+	wellKnown.HandleFunc("/.well-known/jwks.json", jwksEndpoint)
 }
 
 // A session is passed from the `/auth` to the `/token` endpoint. You probably want to store data like: "Who made the request",
diff --git a/src/authorizationserver/oauth2_discover.go b/src/authorizationserver/oauth2_discover.go
index 2a0addd..7a99601 100644
--- a/src/authorizationserver/oauth2_discover.go
+++ b/src/authorizationserver/oauth2_discover.go
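Review bot: The `/.well-known` prefix is now hard-coded into both `HandleFunc` paths and silently depends on httpServer.go mounting `wellKnown` at `/`; a reader of this file alone cannot tell why the prefix moved from the subrouter into the handler paths. Suggest replacing the `// public endpoints` comment with `// public endpoints: the wellKnown router is mounted at "/" (see InitServer), so the full /.well-known/... paths are registered here`, and a shared constant for the prefix if it is spelled out anywhere else. Whether `utils.AcceptHeader` inspects the request's Accept header or sets the response's Content-Type is not visible in this hunk; if it is the former, confirm that OIDC clients sending `Accept: */*` or no Accept header at all still reach discoverEndpoint and jwksEndpoint. RegisterHandlers starts before this hunk.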
@@ -68,7 +68,8 @@ func discoverEndpoint(rw http.ResponseWriter, req *http.Request) {
 		return
 	}
-
+	rw.Header().Del("Content-Type")
+	rw.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(rw).Encode(&oidcConfiguration{
 		Issuer: hostname,
diff --git a/src/authorizationserver/oauth2_jwks.go b/src/authorizationserver/oauth2_jwks.go
index be125f9..ef8d11b 100644
--- a/src/authorizationserver/oauth2_jwks.go
+++ b/src/authorizationserver/oauth2_jwks.go
@@ -35,6 +35,9 @@ func jwksEndpoint(rw http.ResponseWriter, req *http.Request) {
 	// RSA Public Key from rsa.GenerateKey
 	publicKey := AuthPrivateKey.Public().(*rsa.PublicKey)
 
+	rw.Header().Del("Content-Type")
+	rw.Header().Set("Content-Type", "application/json")
+
 	json.NewEncoder(rw).Encode(&JsonWebKeySet{
 		Keys: []JsonWebKey{
 			{
diff --git a/src/httpServer.go b/src/httpServer.go
index 066a212..f2d02e5 100644
--- a/src/httpServer.go
+++ b/src/httpServer.go
@@ -372,10 +372,10 @@ func InitServer() *mux.Router {
 	SecureAPI(userRouter, false)
 
 	serverRouter := router.PathPrefix("/oauth2").Subrouter()
-	SecureAPI(userRouter, true)
+	SecureAPI(serverRouter, true)
 
-	wellKnownRouter := router.PathPrefix("/.well-known").Subrouter()
-	SecureAPI(userRouter, true)
+	wellKnownRouter := router.PathPrefix("/").Subrouter()
+	SecureAPI(wellKnownRouter, true)
 
 	authorizationserver.RegisterHandlers(wellKnownRouter, userRouter, serverRouter)
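Review bot: `rw.Header().Del("Content-Type")` on the first added line is redundant: `http.Header.Set` replaces every existing value for the key, so `rw.Header().Set("Content-Type", "application/json")` alone has the same effect. The same Del/Set pair is added in the oauth2_jwks.go hunk and can be reduced the same way. Since the well-known router now also runs `utils.AcceptHeader("application/json")` (oauth2.go hunk), it is worth confirming whether that middleware already sets the response Content-Type, in which case the per-handler Set is duplicated; keeping it in the handler is still the safer choice, because the header must be in place before the encoder's first Write commits the response. discoverEndpoint starts before this hunk and the oidcConfiguration literal continues past it.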
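Review bot: `wellKnownRouter` is now a subrouter mounted at `/` while its name and the changelog entry refer to `.well-known`, and nothing at this call site says where the well-known paths are actually registered or why the prefix was widened. Suggest a comment above the `wellKnownRouter :=` line such as `// mounted at "/" rather than "/.well-known" so only the two OpenID paths registered in authorizationserver.RegisterHandlers are claimed; other /.well-known/* requests are left for later routes` — the fall-through behaviour is my reading of the changelog's ".well-known" incompatibility entry, so confirm it against the router's matching rules before committing to that wording. The three `SecureAPI(..., true/false)` calls take a bare boolean whose meaning is not visible here, and the bug this hunk fixes (the same router passed three times) is exactly the kind of slip a positional flag invites; a trailing comment on each call, e.g. `SecureAPI(serverRouter, true) // public`, would make the intent reviewable. InitServer starts before this hunk.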