Skip to main content Skip to complementary content

Configuring X-Frame-Options

Qlik NPrinting supports X-Frame-Options HTTP response headers.

The X-Frame-Options header is a security measure that prevents Qlik NPrinting web console and NewsStand from being embedded in a <frame> or <iframe>. Enabling X-Frame-Options HTTP response headers defends against Cross-Frame Scripting (XFS), clickjacking, and other forms of attack.

XFS headers profiles

The following table illustrates different XFS headers restriction profiles based on X-Frame-Options settings.

[XFS headers restriction profiles]
Configurations XFS header
xfs.headers.enabled=false None



X-Frame-Options: DENY

Content-Security-Policy: frame-ancestors 'none'



X-Frame-Options: SAMEORIGIN

Content-Security-Policy: frame-ancestors 'self'




X-Frame-Options: ALLOW-FROM

Content-Security-Policy: frame-ancestors

Configuring your X-Frame-Options header

Opening the proxy file

To configure X-Frame-Options, you must edit the proxy configuration files for Qlik NPrinting web console and NewsStand. The default locations of these files are:

  • NewsStand proxy configuration file:
  • %ProgramData%\NPrinting\newsstandproxy\app.conf

  • Qlik NPrinting web console proxy configuration file:
  • %ProgramData%\NPrinting\webconsoleproxy\app.conf

Information note You must stop the Qlik NPrinting web engine service before changing any configuration.

Enabling XFS headers

To enable or disable XFS headers, edit the following setting:

Setting: xfs.headers.enabled

Values options:

  • true
  • false

Default value: true

Setting XFS header options

To set specific XFS header options, edit the following setting:

Setting: xfs.headers.option

Values options:

  • DENY

Default value: DENY

Allowing a specific URL address

You can indicate a specific URL allowed to use responses inside a frame. This setting must configured when ALLOW-FROM is used for xfs.headers.option. You can insert multiple URLs by inserting a space between each URL.

Setting: xfs.headers.allowed_uri

Example: xfs.headers.allowed_uri=

Default value: undefined

Information note You must restart the Qlik NPrinting web engine service to make your changes effective.