IIS is adding default 'X-Frame-Options:SAMEORIGIN' even then I added new HTTP response header in default website level as'X-Frame-Options:ALLOW'.

Question

Hi I added new HTTP response header in default website level as'X-Frame-Options:ALLOW'. IIS is adding default 'X-Frame-Options:SAMEORIGIN' and sending both the header in response. And then browser is giving error as Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOW-FROM http://srv-ind-svt26dw.vanenburg.com:8080/') encountered when loading 'http://srv-ind-svt26dw.vanenburg.com/OTCS/livelink.exe?func=brava.bravaviewer&nodeid=18941'. Falling back to 'DENY'. Can any one help me out from this issue.

Many thanks

score 1 · Answer 1 · edited May 23 '17 at 12:33

1

If your using ASP.NET MVC 5, it insert SAMERORIGIN by default see this.

edited May 23 '17 at 12:33

Community

answered Feb 29 '16 at 21:23

David Yates

1 Answers1