I have a website running on IIs 8.5 on Windows 2012. Everytime I use Visual Studio 2015 to publish to this site, X-Frame-Options Deny is added.
I need this totally removed. I've found articles like MVC 5 Prevents access to content via Iframe suggesting to use:
protected void Application_Start()
{
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
}
However, this does not work. Any suggestions?
I just noticed in IIS that at the server level, it had X-Frame-Options Deny. When I removed this, and republished to the site, X-Frame-Options did not appear.
It must have been inheriting from the server setting.