Internal Server Error when accessing package pages

This is for:

Developer System Administrator

In this article

Symptoms
Cause
Resolution

Coveo for Sitecore 5.0.1277.4

Issue resolved

Symptoms

When accessing a Coveo for Sitecore page, you encounter a 500 - Internal Server Error.

Cause

The Coveo for Sitecore package specifies the SAMEORIGIN value for the X-Frame-Options HTTP response header in some of its pages. This directive conflicts with the DENY directive that Sitecore sets by default for that header. Sometimes, especially in Microsoft Azure environments, this conflict can cause a 500 - Internal Server Error when trying to access pages such as /coveo/rest.

Resolution

This issue was fixed in the Coveo for Sitecore October 22, 2025 release. Upgrade to the latest Coveo for Sitecore release.

Workaround

You can remove the X-Frame-Options HTTP response header directive from all Coveo for Sitecore package web.config files.

Open the <SITECORE_INSTANCE_ROOT>\Coveo\Rest\Web.config file in a text editor.

Locate and delete the <httpProtocol> element and its content:

<httpProtocol>
  <customHeaders>
    <add name="X-Frame-Options" value="SAMEORIGIN" />
  </customHeaders>
</httpProtocol>

Save your changes.
Repeat these steps for all other Coveo for Sitecore package web.config files, specifically:
- <SITECORE_INSTANCE_ROOT>\Coveo\Hive\init\Web.config**
- <SITECORE_INSTANCE_ROOT>\Coveo\Hive\search box init\Web.config**
- <SITECORE_INSTANCE_ROOT>\Coveo\Hive\templates\Web.config**
- <SITECORE_INSTANCE_ROOT>\layouts\Coveo Hive\Web.config**
- <SITECORE_INSTANCE_ROOT>\Views\Coveo Hive\Web.config**
If you’re using Coveo for Sitecore SXA, repeat these steps to remove the <httpProtocol> element from the <SITECORE_INSTANCE_ROOT>\Areas\CoveoHiveSxa\Views\Web.config file.