My web site is written by ASP.NET MVC 4 and hosted on IIS 6.2. I need to add custom headers(X-Frame-Options,X-XSS-Protection etc.) to web config in main application.
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="X-XSS-Protection" value="1" />
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
After I did it, my sub apllications getting http 500 error.I have no idea why this happening. I already tried option.Also tried remove every customheaders from response headers in IIS, also tried add manually in response headers.
Can you give me an advice to fix this issue?
Try adding the header at the Server level by using "HTTP Response Header" applet.
I think you are adding headers in the "Default Web Site" now. Default Site the header starting with "X-" will give error. I had faced this issue.
You can also try adding it in each App or virtual directory under "Default Web Site".