hi,
My site has x-frame-option as deny, its set through aspnet code with custom attribute. i could see the header in the responce in chrome developer tools but the secure header site is still reporting as its missing header. can you please tell me why.
headers from the response in chrome developer tool.
and here is the code that sets it from aspnet
/// <summary>
/// This class is used to handle X-FRAME-OPTIONS
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class CustomActionFilterAttribute : ActionFilterAttribute
{
public override void OnResultExecuting(ResultExecutingContext filterContext)
{
if (filterContext != null)
{
filterContext.HttpContext.Response.Headers.Add("x-frame-options", "deny");
}
base.OnResultExecuting(filterContext);
}
}
Please tell me why it does not detect, is there anything wrong.
hi, My site has x-frame-option as deny, its set through aspnet code with custom attribute. i could see the header in the responce in chrome developer tools but the secure header site is still reporting as its missing header. can you please tell me why.
headers from the response in chrome developer tool.
and here is the code that sets it from aspnet
Please tell me why it does not detect, is there anything wrong.