View Connection Server and security server comply with certain Internet Engineering Task Force (IETF) Standards.
RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.
RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default.
RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is disabled by default. You can enable it by adding the entry x-frame-options=<options> to the file locked.properties. For information on how to add properties to the file locked.properties, see Configure Acceptance Policies on Individual View Servers. The parameter <options> can have one of the following values, which are case-sensitive:
OFF - Disable counter clickjacking (default).
DENY - Do not use frames.
SAMEORIGIN - Do not use foreign frames.
ALLOW-FROM <URL> - Do not use foreign frames except <URL>, where <URL> specifies an additional trusted origin.
For more information on RFC 7034, see http://tools.ietf.org/html/rfc7034.
Note: Counter clickjacking will prevent the proper operation of HTML Access when using a Blast Secure Gateway (BSG), which is why it is not enabled by default.
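The following check for the x-frame-options entry is an added example, not VMware code. It validates the value against the case-sensitive options listed above and reports the BSG caveat when the header is enabled. The function name audit_x_frame_options, the sample file content, the plain key=value parsing, and the rule that the last entry wins are assumptions made for illustration.

```python
from urllib.parse import urlsplit

KEY = "x-frame-options"                  # entry name given on this page
FIXED = ("OFF", "DENY", "SAMEORIGIN")    # case-sensitive values given on this page
BSG_NOTE = "enabled: HTML Access through a Blast Secure Gateway will not work properly"

def audit_x_frame_options(properties_text):
    """Return (effective_value, findings) for the text of a locked.properties file."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties-file comment
            continue
        name, sep, rest = line.partition("=")
        if sep and name.strip() == KEY:
            value = rest.strip()         # assumption: the last entry wins
    if value is None:
        return "OFF", ["entry absent: counter clickjacking is disabled (default)"]
    findings = []
    keyword = value.split(" ", 1)[0]
    if value in FIXED:
        pass
    elif keyword == "ALLOW-FROM":
        origin = urlsplit(value[len(keyword):].strip())
        if origin.scheme not in ("http", "https") or not origin.netloc:
            findings.append("ALLOW-FROM needs a URL naming the trusted origin")
    elif value.upper() in FIXED or keyword.upper() == "ALLOW-FROM":
        findings.append("keyword is case-sensitive: use upper case as listed")
    else:
        findings.append("unrecognized value: %r" % value)
    if not findings and value != "OFF":
        findings.append(BSG_NOTE)        # caveat from the note on this page
    return value, findings

# Constructed sample content, not taken from a real server.
SAMPLE = """# locked.properties (constructed sample)
x-frame-options=sameorigin
"""

if __name__ == "__main__":
    effective, notes = audit_x_frame_options(SAMPLE)
    print(effective, notes)
```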