Failed to load http://www.example.com: The 'Access-Control-Allow-Origin' header contains multiple values '*, *' but only one is allowed. Origin 'http://www.example.com' is therefore not allowed access.

Access-Control-Allow-Origin: *

...is getting added twice to a header and that is making Google Chrome cranky. I was helping a friend with this today. In her case she was specifying settings for CORS in both Web.config and Startup.cs and the double-up effect was thus a reality.