Nginx as reverse Proxy, remove X-Frame-Options header

Maxim Dounin mdounin at
Thu Jan 9 11:44:57 UTC 2014


On Thu, Jan 09, 2014 at 11:03:11AM +0100, basti wrote:

> Hello,
> I have a closed-source Webapp that run on an IIS-Webserver and send a
> "X-Frame-Options: SAMEORIGIN" header.
> I also have to implement this Webapp in my own, Frame based Application.
> So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
> is still send.
> How can I remove his header?
> I have try "proxy_hide_header X-Frame-Options;" without success.

The proxy_hide_header directive is expected to work (and works 
here, just tested).  If it doesn't work for you, you may want to 
provide more details, see for some 

Maxim Dounin

More information about the nginx mailing list