Response headers names lowercased in HTTPS on IIS 10.0


  • Getting strange IIS behavior when loading pages from IIS 10.0 server via HTTPS (HTTP is OK)

    1) setup VM win2016 server
    2) install IIS role and ASP NET 4.5
    3) create webapplication bound to both 80(HTTP) and 443(HTTPS)
    4) try to load any page using HTTP -> case of response headers preserved
    5) try to load any page using HTTPS -> all response headers names converted to lowercase

    PS: according standarts those headers names are case sensitive.
    Meaning no one browser allow you to make CORS request when server respond access-control-allow-origin instead of Access-Control-Allow-Origin e.t.c.

    Are there any reason for such behavior? Any setting/workaround to get it working like it does in server 2012 R2 (IIS 8.5 doesn't have this issue)?

    Monday, October 31, 2016 3:41 PM


All replies