diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 6ddaab73b..f63e8f6bf 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -7,13 +7,17 @@ class DashboardController < ActionController::Base
   around_action :switch_locale
   before_action :ensure_installation_onboarding, only: [:index]
   before_action :render_hc_if_custom_domain, only: [:index]
-
+  before_action :ensure_html_format
   layout 'vueapp'
 
   def index; end
 
   private
 
+  def ensure_html_format
+    head :not_acceptable unless request.format.html?
+  end
+
   def set_global_config
     @global_config = GlobalConfig.get(
       'LOGO', 'LOGO_DARK', 'LOGO_THUMBNAIL',
diff --git a/spec/controllers/dashboard_controller_spec.rb b/spec/controllers/dashboard_controller_spec.rb
index 31187aeb6..517443858 100644
--- a/spec/controllers/dashboard_controller_spec.rb
+++ b/spec/controllers/dashboard_controller_spec.rb
@@ -18,6 +18,13 @@ describe '/app/login', type: :request do
     end
   end
 
+  context 'with non-HTML format' do
+    it 'returns not acceptable for JSON' do
+      get '/app/login', params: { format: 'json' }
+      expect(response).to have_http_status(:not_acceptable)
+    end
+  end
+
   # Routes are loaded once on app start
   # hence Rails.application.reload_routes! is used in this spec
   # ref : https://stackoverflow.com/a/63584877/939299