Check the config for allowing mss-exceed. Following is an example config:
access-list http-list permit ip any any
!
class-map http match
access-list http-list
exit
!
tcp-map tmap
exceed-mss allow
exit
!
policy-map global_policy
class http
set connection advanced-options tmap
!
service-policy global_policy global
Also check for the traffic that is being denied and check if you have configured this for the right traffic.