The 'Access-Control-Allow-Origin' Header Contains Multiple Values. However I Only Have One Value Defined in the Header?

Question

The following error throws for me when making a request:

Access to XMLHttpRequest at 'My Server URL' from origin 'Server Name' has been 
blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple
values 'Server Name, *', but only one is allowed.

However in my WebApiConfig.cs file I have defined the CORS policy as follows:

var cors = new EnableCorsAttribute("MyServerName", "Content-Type", "GET,PUT,POST,DELETE");
config.EnableCors(cors);

I have defined only one value MyServerName, yet the error thrown defines it as 'Server Name, *'

UPDATE:

When disabling my CORS definition in my WebApiConfig.cs file I recieve the following error when making a request:

Access to XMLHttpRequest at 'My Server URL' from origin 'Server Name' has been 
blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in
the response must not be the wildcard '*' when the request's credentials mode is
'include'. The credentials mode of requests initiated by the XMLHttpRequest is 
controlled by the withCredentials attribute.

I do not have CORS defined in my Web.config file.

UPDATE 2

My Access-Control-Allow-Origin value was being defined in my IIS, after changing it and running it, it thinks the value is ''.

Answer 1

Summing up from The 'Access-Control-Allow-Origin' header contains multiple values there are multiple ways to add CORS and you possibly have more than one:

1. The way you are doing it.
2. By calling app.UseCors(CorsOptions.AllowAll);
3. By adding it in web.config

<system.webServer>
  <httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
  </customHeaders>
</httpProtocol>

4. And by using the Cors attribute.
5. IIS or other configuration on the web server. Restart the app pool and it should work.