IIS 10 response headers keep reverting after publishing from Visual Studio 2015

Question

I follow something similar to these steps to add CORs to IIS 10 and after about 10 minutes, the response header is removed and CORs stops working.

1. Open Internet Information Service (IIS) Manager.
2. Right click the site you want to enable CORS for and go to Properties.
3. Change to the HTTP Headers tab.
4. In the Custom HTTP headers section, click Add.
5. Enter Access-Control-Allow-Origin as the header name.
6. Enter * as the header value.
7. Click Ok twice.

Then I go back to Visual Studio and publish my project. Why are my CORs response headers being removed and how do I make them stay?

Answer 1

Thanks to a strong hint from S. Walker, I went onto the server, modified the response header as desired and then looked at the web.config file.

It had added:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

So I copied that into my project web.config file and published. Now it doesn't disappear and CORs continues to work. Seems obvious now.