Recently we have added X-Content-Type-Options: nosniff header to IIS as a part of security fixes. then we started facing issue with SSRS reports are rending properly in IE11. we debugged with F12 options and identified the server is blocking SSRS report default java scripts. And the MIME types in report is text/javascript which is blocking by IIS.
If we remove these headers in IIS then report is working fine. So, is there any solution to make application works with keeping headers?
I ran into this a little while back with the embedded report viewer in our web site. The way we got around it was to remove the header for that page. To do this you need a config.web file in the directory of the report viewer page that has the following in it:
<location path="ViewReport.aspx">
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Content-Type-Options" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
Hope this helps.
Shawn
