Remove Access-Control-Allow-Origin Response Header

Question

I want to remove Access-Control-Allow-Origin: * vulnerability from Response Header.

I added the following line of codes into web.config which I found from this website.

I also apply some of the method that given in Stack Overflow.

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="domain" />
</customHeaders>

But it does not remove Access-Control-Allow-Origin: * instead of adding Access-Control-Allow-Origin: domain in the Response Header.

I have no idea how to remove this response header, as when I google for the solution. Most of the posts were trying to enable this header.

Please let me know if need more information.

Thanks in advance.

P/S: The website is build on PHP and running on IIS 7.

score 0 · Answer 1 · answered Sep 08 '16 at 19:11

0

use a <remove> tag.

<remove name="Access-Control-Allow-Origin"/>

If you want to add a more restrictive Access-Control-Allow-Origin, you can then put it after the <remove>.

answered Sep 08 '16 at 19:11

Alicia

1 Answers1