A common method to protect against clickjacking is to modify the configuration of the HTTP server to automatically add the X-FRAME-OPTIONS to response headers. For more information about X-FRAME-OPTIONS, see RFC 7034.

However, if you set X-FRAME-OPTIONS to DENY, then SAS Visual Analytics stops working because SAS Visual Analytics uses IFRAMEs. As a workaround, set the X-FRAME-OPTIONS to SAMEORIGIN instead of setting it to DENY. Setting the option to SAMEORIGIN enables IFRAMEs to be used when they share the same origin.