Skip to main content
Ex Libris Knowledge Center

How to turn on 'No Frame Filter' in WebVoyage to prevent clickjacking


- The 'No Frame Filter' option in WebVoyage determines if WebVoyage can be displayed with an iframe.

- Configuring 'No Frame Filter' to "DENY" will secure the WebVoyage from iframe related vulnerabilities e.g. "Clickjacking"

- Third-party security scans may idenity WebVoyage as being vulnerable to "Clickjacking"and may recommend configuring the "X-Frame-Options" header, however if the 'No Frame Filter" option is configured to DENY, then this is unneccesary, and is a false-positive.


- Configure the 'No Frame Filter for WebVoyage


- Altered the mode parameter value for 'No Frame Filter' in web.xml

First Step

Log in to the Voyager server and open the WebVoyage web.xml file in a text editor. This file is located at : /m1/voyager/xxxdb/tomcat/vwebv/context/vwebv.


  • Was this article helpful?