Nginx as reverse Proxy, remove X-Frame-Options header

Maxim Dounin mdounin at mdounin.ru
Thu Jan 9 11:44:57 UTC 2014


Hello!

On Thu, Jan 09, 2014 at 11:03:11AM +0100, basti wrote:

> Hello,
> 
> I have a closed-source Webapp that run on an IIS-Webserver and send a
> "X-Frame-Options: SAMEORIGIN" header.
> I also have to implement this Webapp in my own, Frame based Application.
> 
> So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
> is still send.
> How can I remove his header?
> I have try "proxy_hide_header X-Frame-Options;" without success.

The proxy_hide_header directive is expected to work (and works 
here, just tested).  If it doesn't work for you, you may want to 
provide more details, see http://wiki.nginx.org/Debugging for some 
hints.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list