Hi all

​

We have a website built using ASP.NET WebForms and we recently added in the IIS the header "X-XSS-Protection" with value "1; mode=block".

Since we have more then one domain in our application and domain is talking with the other, we started getting an error which eventually we figured out caused by that header.

My questing here is how do I specify in ASP.NET WebForms to allow specific domains to access my site (the other domain in our app)?

​

Thanks

​

p.s.

I saw in this link can add an html meta to allow. Is it enough?