Skip to main content

Configure HTTP headers

Use this procedure to configure HTTP headers if you are using the Tomcat software that Contrast provides.

When an HTTP header is enabled, it controls whether a document from an HTTP response can be loaded inside a navigable child (for example, <iframe>).

The `X-Frame-Options` header in the HTML standard provides details about HTTP header configuration.

Steps

  1. Open the <YourPath>/data/conf/server properties file in your text editor, where <YourPath> is the path where Contrast is installed..

  2. Specify one of these values for the servlet.response.xframe.options property:

    • SAMEORIGIN: Same-origin embedding is allowed.

    • DENY: Embedding is disallowed.

    • No value: The header is omitted. Embedding is allowed.

    Note

    If the servlet.response.xframe.options property is missing, a default value of SAMEORIGIN is used.

  3. After you update the server.properties file, restart the Contrast server service for the changes to take effect.

In this section: