Today I came across a publishing issue in our UAT environment. After I clicked the publish, the publish popup window doesn’t display and in the console log it is showing an error “because it set multiple X-Frame-Options” headers with conflicting values (‘SAMEORIGIN, Allow-From’…) Falling back to ‘deny’.” as shown below.
So, I checked the web.config file and noticed that someone added “ALLOW-FORM” X-Frame-Option in web.config.
The error is because from sitecore 8.1 update 3 onwards sitecore introduce default module to add X-FRAME-OPTION Sameorigin using below module
<add type="Sitecore.Web.XFrameOptionsHeaderModule, Sitecore.Kernel" name="SitecoreXFrameOptionsHeaderModule" />