For more information about cross-frame scripting (XFS) attack, see Section 8.2, Preventing Cross-Frame Scripting Attacks.
Perform the following steps:
Change to the Apache configuration directory, /etc/opt/novell/apache2/conf.
Remove the # in front of LoadModule headers_module libexec/mod_headers.so.
Restart Apache.
Go to Access Gateways > Edit > Advanced Options and add the following Apache directive:
<LocationMatch "/public"> Header always append X-Frame-Options SAMEORIGIN </LocationMatch>
Here, /public is an example URL path of a protected resource. Change it to the URL path of the resource for which you want to disable XFS.