IIS defaults X-Frame-Options Deny every time I publish my website

Question

I have a website running on IIs 8.5 on Windows 2012. Everytime I use Visual Studio 2015 to publish to this site, X-Frame-Options Deny is added.

I need this totally removed. I've found articles like MVC 5 Prevents access to content via Iframe suggesting to use:

protected void Application_Start()
{
    AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
}

However, this does not work. Any suggestions?

score 0 · Accepted Answer · answered Nov 22 '16 at 02:08

0

I just noticed in IIS that at the server level, it had X-Frame-Options Deny. When I removed this, and republished to the site, X-Frame-Options did not appear.

It must have been inheriting from the server setting.

answered Nov 22 '16 at 02:08

Chris

1,690
2
17
24

IIS defaults X-Frame-Options Deny every time I publish my website

1 Answers1