TIBCO Spotfire® Server and Environment - Installation and Administration

X-Frame-Options

The X-Frame-Options HTTP header provides basic protection against some clickjacking attacks (also known as UI redress attacks).

The feature can be switched on by running the following commands in the <server installation directory>\tomcat\spotfire-bin directory on the command line. (For details on using the Spotfire command line, see Executing commands on the command line.)
config export-config --force
config set-config-prop -n security.x-frame-options.enabled -v true
config import-config -c "Enabled X-Frame-Options"
The feature can be switched off by running the following commands:
config export-config --force
config set-config-prop -n security.x-frame-options.enabled -v false
config import-config -c "Disabled X-Frame-Options"

When this feature is enabled, the server includes the HTTP header "X-Frame-Options: SAMEORIGIN" in all responses.

The directive can also be customized by running the following commands:
config export-config --force
config set-config-prop -n security.x-frame-options.directive -v <value>
config import-config -c "Customized X-Frame-Options directive"
<value> can be set to any of the following values:
  • DENY: Prevents the rendering of the server web page within a frame.
  • SAMEORIGIN: Prevents the rendering of the server web page within a frame when the framing page's origin differs from the server's.
  • ALLOW-FROM: The server web page is rendered only when framed from the location given after ALLOW-FROM.
  • ALLOWALL: Allows rendering within a frame from any location. (This is a non-standard value which is not supported by all browsers.)
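As an added example that is not part of the Spotfire documentation, the following Python script classifies the X-Frame-Options value a server returns according to the directive values listed above, so an administrator can confirm the setting took effect on every response. The sample responses, paths and the check_url helper are constructed assumptions, not Spotfire code.

```python
"""Classify X-Frame-Options header values and flag responses that leave framing open."""
import urllib.request

STANDARD_DIRECTIVES = {"DENY", "SAMEORIGIN"}

def evaluate_xfo(value):
    """Return (status, detail) for one header value; status is 'ok', 'weak' or 'missing'."""
    if value is None:
        return ("missing", "no X-Frame-Options header: browsers allow framing from anywhere")
    raw = value.strip()
    upper = raw.upper()
    if upper in STANDARD_DIRECTIVES:
        return ("ok", upper)
    if upper.startswith("ALLOW-FROM"):
        location = raw[len("ALLOW-FROM"):].strip()
        if not location:
            # ALLOW-FROM with no location is malformed; browsers ignore it.
            return ("weak", "ALLOW-FROM without a location: header is ignored")
        return ("ok", f"ALLOW-FROM {location} (not supported by all browsers)")
    if upper == "ALLOWALL":
        # Non-standard value that explicitly permits framing from any origin.
        return ("weak", "ALLOWALL: framing permitted from any location")
    return ("weak", f"unrecognised directive {raw!r}: browsers ignore it")

def find_unprotected(responses):
    """responses: mapping of path -> header dict. Returns paths whose status is not 'ok'."""
    return sorted(
        path for path, headers in responses.items()
        if evaluate_xfo(headers.get("X-Frame-Options"))[0] != "ok"
    )

def check_url(url):
    """Fetch one URL and classify its X-Frame-Options header (assumed helper)."""
    with urllib.request.urlopen(url) as resp:
        return evaluate_xfo(resp.headers.get("X-Frame-Options"))

# Constructed sample: headers captured from three responses of one server.
SAMPLE_RESPONSES = {
    "/spotfire/login": {"X-Frame-Options": "SAMEORIGIN"},
    "/spotfire/library": {},                                  # header missing
    "/spotfire/wp": {"X-Frame-Options": "ALLOWALL"},          # non-standard value
}

if __name__ == "__main__":
    for path in find_unprotected(SAMPLE_RESPONSES):
        status, detail = evaluate_xfo(SAMPLE_RESPONSES[path].get("X-Frame-Options"))
        print(f"{path}: {status} - {detail}")
```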