The reason is you are telling the website to remove an X-Frame-Options header, then add a different X-Frame-Options header, but you're still ending up with two.
The fact your remove step isn't doing anything suggests the offending X-Frame-Options heading is being added after your code has run. That sounds like something a firewall or other network security software might do - but I don't know how they're set up. I suspect if you've got IT Ops people where you work, they'd be the people to speak to.
If it is something a DNN module upgrade has caused, it's almost certainly on http://healthtest.co.santa-cruz.ca.us/ installation, not on your intranet.
I completely agree with Olly. If a module would add the header, IIS would remove it (because of that remove line), and when two headers are delivered, the second is added after the whole process most propably.
In this case, there is nothing you can do in IIS. But you can test it, if you browse the website http://healthtest.co.santa-cruz.ca.us/ on the server where it is installed. Add something like
127.0.0.1 healthtest.co.santa-cruz.ca.us
to your hosts-file (normally under C:\windows\system32\drivers\etc, you may edit this with any text editor) to avoid a DNS request.
Then check the headers you get there (and remove the line above from the hosts file after the test).
Happy DNNing! Michael
Tom, you're welcome, and I am happy that you found the issue. As I don't use DNNSharp Action Form, I did not know about this issue... thanks for telling us. Happy DNNing! Michael
Hooray! So glad you got this figured out :)
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.