Configuring the X-Frame-Options HTTP response header

To prevent possible clickjacking attacks, in IBM® Intelligent Operations Center the X-Frame-Options HTTP response header is set to SAMEORIGIN. If the web server and the application server are not on the same domain, the response header setting might prevent you from viewing the IBM Sametime web client page and IBM Cognos® reports.

About this task

To resolve the issue, modify the X-Frame-Options HTTP response header in the httpd.conf file on the web server.

Procedure

Stop the HTTP server.
Log on to the web server and edit the following file:
```
/opt/IBM/HTTPServer/conf/httpd.conf 
```
Remove or comment out the following line in the file:
```
Header always append X-Frame-Options SAMEORIGIN
```
Restart the HTTP server.