IBM Support

How to get the X-FRAME-OPTIONS HTTP Header to be present in Response Headers.

Troubleshooting


Problem

The requirement is to have IBM Cognos Analytics set the X-Frame-Options response header with a value of "SAMEORIGIN" when the environment does not include a Web Server.

Environment

Cognos Analytics

No Web Server

 

Diagnosing The Problem

When reviewing the HTTP session requests and responses, the X-Frame-Options response header is not set.

Resolving The Problem

As a best practice, we suggest that customers use a Web Server, SSO, a distributed environment with load balancing, etc. The extra headers can then be added to the Web Server configuration by the Web Server Administrator.

If the business still wants to do this without a Web Server, follow these steps:

1. In the Portal, go to Manage -> Configuration -> System, and expand Advanced Settings.

2. Under Custom settings, add the following two keys:

Key: BIHeaderFilter.responseHeaders

Value: [{"name":"X-FRAME-OPTIONS","value":"SAMEORIGIN"}]

Key: BIResponseWrapper.staticExpiresDays

Value: 7

(This setting sets the value of the HTTP response headers "Expires" and "max-age" when responding to GET requests for static content. It can be changed as needed.)

3. Click Save. Wait a minute, refresh the page.

The header X-FRAME-OPTIONS: SAMEORIGIN will be set in all response headers.
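To confirm the result after saving, the check below compares a captured response head against the configured BIHeaderFilter.responseHeaders value. It is an added example, not IBM code: the function names are hypothetical, the sample responses are constructed, and it assumes each entry has the "name"/"value" shape shown above and treats only DENY and SAMEORIGIN as values browsers enforce.

```python
import json

EFFECTIVE = {"DENY", "SAMEORIGIN"}  # X-Frame-Options values current browsers enforce

def parse_setting(value):
    """Parse a BIHeaderFilter.responseHeaders value into {lowercased name: value}."""
    configured = {}
    for entry in json.loads(value):
        # Assumption: each entry has the "name"/"value" shape shown on this page.
        if not isinstance(entry, dict) or "name" not in entry or "value" not in entry:
            raise ValueError(f"malformed entry: {entry!r}")
        configured[entry["name"].lower()] = entry["value"]
    return configured

def header_values(raw_head, name):
    """Return every value of header `name` (case-insensitive) in a response head."""
    values = []
    for line in raw_head.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header block
        field, sep, val = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            values.append(val.strip())
    return values

def check_framing(raw_head, setting):
    """Compare a captured response against the configured X-Frame-Options value."""
    expected = parse_setting(setting).get("x-frame-options")
    if expected is None:
        return "not-configured"
    found = {v.upper() for v in header_values(raw_head, "X-Frame-Options")}
    if not found:
        return "missing"      # the symptom described under Diagnosing The Problem
    if len(found) > 1:
        return "conflicting"  # e.g. another layer adds a different value
    value = next(iter(found))
    if value not in EFFECTIVE:
        return "ineffective"
    return "ok" if value == expected.upper() else "mismatch"

# Constructed sample data (not captured from a real Cognos server).
SETTING = '[{"name":"X-FRAME-OPTIONS","value":"SAMEORIGIN"}]'
GOOD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-frame-options: SAMEORIGIN\r\n\r\n"
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, head in (("good", GOOD), ("bare", BARE)):
        print(label, check_framing(head, SETTING))
```

Header names are case-insensitive, so a response carrying x-frame-options in lowercase still satisfies the uppercase name in the setting.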


Document Information

Modified date:
02 November 2018

UID

ibm10738575