SecureHeader site shows header missing if i add the header through code instead of web.config file

[shyambhiogade]

hi,
My site has x-frame-option as deny, its set through aspnet code with custom attribute. i could see the header in the responce in chrome developer tools but the secure header site is still reporting as its missing header. can you please tell me why.

headers from the response in chrome developer tool.

and here is the code that sets it from aspnet

     /// <summary>
    /// This class is used to handle X-FRAME-OPTIONS
    /// </summary>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public sealed class CustomActionFilterAttribute : ActionFilterAttribute
    {     
        public override void OnResultExecuting(ResultExecutingContext filterContext)
        {
            if (filterContext != null)
            {
              
                    filterContext.HttpContext.Response.Headers.Add("x-frame-options", "deny");
              
            }

            base.OnResultExecuting(filterContext);
        }
    }

Please tell me why it does not detect, is there anything wrong.

[shyambhiogade]

@ScottHelme can you please comment on this.

[shyambhiogade]

@ScottHelme please help.