View Connection Server and security server comply with certain Internet Engineering Task Force (IETF) Standards.

  • RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.

  • RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default.

  • RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is disabled by default. You can enable it by adding the entry x-frame-options=<options> to the file locked.properties. For information on how to add properties to the file locked.properties, see Configure Acceptance Policies on Individual View Servers. The parameter <options> can have one of the following values, which are case-sensitive:

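    • OFF - Disable counter clickjacking (default).

    • DENY - Do not allow the content to be displayed in any frame.

    • SAMEORIGIN - Allow the content to be framed only by pages from the same origin.

    • ALLOW-FROM <URL> - Allow the content to be framed only by pages from the same origin or from <URL>, where <URL> specifies an additional trusted origin.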

    For more information on RFC 7034, see http://tools.ietf.org/html/rfc7034.

    Note:

    Counter clickjacking will prevent the proper operation of HTML Access when using a Blast Secure Gateway (BSG), which is why it is not enabled by default.
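Because the <options> values are case-sensitive, a mistyped entry is easy to miss. The following Python check is an added example, not VMware code: it validates the x-frame-options entry in the text of a locked.properties file. It assumes plain key=value lines with # comments and an absolute http(s) URL after ALLOW-FROM; the function name and sample content are constructed for illustration.

```python
from urllib.parse import urlsplit

KEY = "x-frame-options"
# Values listed on the page; the page states they are case-sensitive.
KEYWORDS = {"OFF", "DENY", "SAMEORIGIN", "ALLOW-FROM"}

# Constructed sample file content, not taken from a real server.
SAMPLE = "# constructed example\nx-frame-options=sameorigin\n"


def check_x_frame_options(properties_text):
    """Return (effective_value, problems); effective_value is None if invalid.
    Assumption: plain key=value lines with '#' comments. A missing entry is
    reported as OFF, the default the page documents."""
    entries = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == KEY:
            entries.append((key, value))
    if not entries:
        return "OFF", []

    problems = []
    if len(entries) > 1:
        problems.append("entry appears %d times; keep exactly one" % len(entries))
    key, value = entries[-1]
    if key != KEY:
        problems.append("key %r is not spelled %r" % (key, KEY))
    head, _, rest = value.partition(" ")
    rest = rest.strip()
    if head.upper() not in KEYWORDS:
        problems.append("%r is not OFF, DENY, SAMEORIGIN or ALLOW-FROM <URL>" % value)
    elif head not in KEYWORDS:
        problems.append("%r must be upper case: %r" % (head, head.upper()))
    elif head == "ALLOW-FROM":
        parts = urlsplit(rest)
        # Assumption: the trusted origin is an absolute http(s) URL.
        if parts.scheme in ("http", "https") and parts.netloc:
            return "ALLOW-FROM " + rest, problems
        problems.append("ALLOW-FROM needs an absolute URL, got %r" % rest)
    elif rest:
        problems.append("unexpected text %r after %s" % (rest, head))
    else:
        return head, problems
    return None, problems
```

Calling check_x_frame_options(SAMPLE) reports the lower-case value as a problem instead of treating it as SAMEORIGIN.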