https://community.qlik.com/t5/QlikView/HTTP-Response-Headers-and-plugin/m-p/542568#M1302487 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>I have IIS configured to display the qvplugin and it's working fine, recently I noticed that the X-Frame-Options in the HTTP Response Headers was set to ALLOW, Now I'm asked to change its value to SAMEORIGIN due to security reasons. When doing this, the plugin is not opened as expected, instead I get thisn error:</P><P></P><P> <STRONG style="font-size: 14px; color: #000000; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif;">"To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."</STRONG></P><P></P><P>Why is this happening? I think SAMEORIGIN should be enough. Could someone give me some more explanation in this?</P><P></P><P>Thanks!</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/HTTP-Response-Headers-and-plugin/m-p/542568#M1302487 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>I have IIS configured to display the qvplugin and it's working fine, recently I noticed that the X-Frame-Options in the HTTP Response Headers was set to ALLOW, Now I'm asked to change its value to SAMEORIGIN due to security reasons. When doing this, the plugin is not opened as expected, instead I get thisn error:</P><P></P><P> <STRONG style="font-size: 14px; color: #000000; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif;">"To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."</STRONG></P><P></P><P>Why is this happening? I think SAMEORIGIN should be enough. Could someone give me some more explanation in this?</P><P></P><P>Thanks!</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT https://community.qlik.com/t5/QlikView/HTTP-Response-Headers-and-plugin/m-p/542568#M1302487 2026-01-26T18:19:17Z