Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Not applicable

HTTP Response Headers and plugin


I have IIS configured to display the qvplugin and it's working fine, recently I noticed that the X-Frame-Options in the HTTP Response Headers was set to ALLOW, Now I'm asked to change its value to SAMEORIGIN due to security reasons. When doing this, the plugin is not opened as expected, instead I get thisn error:

"To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."

Why is this happening? I think SAMEORIGIN should be enough. Could someone give me some more explanation in this?


Community Browser