Ever since the upgrade from MVC4 to MVC5, I have noticed an extra server header added to my web pages:
X-Frame-Options: SAMEORIGIN
I understand security bene
MVC5 automatically adds the HTTP header X-Frame-Options with SAMEORIGIN. This prevents your site from being loaded into an iframe.
But we can turn this off in Application_Start in the Global.asax.cs.
Example
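    using System.Web.Helpers; // namespace of AntiForgeryConfig

    protected void Application_Start()
    {
        // Stop the anti-forgery helper from adding X-Frame-Options: SAMEORIGIN
        AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
    }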
Update
I have written a post about this: "MVC5 prevents your website being loaded in an IFRAME".
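Suppressing the header removes the framing restriction for every origin. The following is an added example, not part of the answer above or of MVC itself: it pairs the suppression with a `Content-Security-Policy: frame-ancestors` allowlist so that only named sites can frame the pages. `FrameAncestorsAttribute` is a hypothetical filter name and `https://partner.example` is a placeholder origin.

```csharp
using System;
using System.Linq;
using System.Web.Helpers;
using System.Web.Mvc;

// Added example: FrameAncestorsAttribute is a hypothetical name, not an MVC type.
public sealed class FrameAncestorsAttribute : ActionFilterAttribute
{
    private readonly string _policy;
    private readonly bool _sameOriginOnly;

    public FrameAncestorsAttribute(params string[] allowedOrigins)
    {
        _sameOriginOnly = allowedOrigins.Length == 0;
        _policy = "frame-ancestors 'self'" +
                  string.Concat(allowedOrigins.Select(o => " " + Normalize(o)));
    }

    // Accept only bare https origins so a typo cannot widen the policy.
    private static string Normalize(string origin)
    {
        Uri uri;
        if (!Uri.TryCreate(origin, UriKind.Absolute, out uri) ||
            uri.Scheme != Uri.UriSchemeHttps || uri.PathAndQuery != "/")
            throw new ArgumentException("Expected an https origin: " + origin);
        return uri.GetLeftPart(UriPartial.Authority);
    }

    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        if (filterContext.IsChildAction) return; // headers belong to the parent response
        var response = filterContext.HttpContext.Response;
        response.AddHeader("Content-Security-Policy", _policy);
        // Legacy fallback; browsers that honour frame-ancestors ignore it.
        if (_sameOriginOnly) response.AddHeader("X-Frame-Options", "SAMEORIGIN");
    }
}

public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        // Stop the helper's header, then replace it with an explicit policy.
        AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
        GlobalFilters.Filters.Add(new FrameAncestorsAttribute("https://partner.example"));
    }
}
```

If the application already sends a Content-Security-Policy header, merge the `frame-ancestors` directive into it; browsers enforce every policy they receive, so a second header can only tighten the result.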