SAP Knowledge Base Article - Preview

2389051 - ICF service for Clickjacking Framing Protection is inactive


When calling a web based application (e.g. Web Dynpro ABAP, BSP, ITS) the following error appears:

  • 500 SAP Internal Server Error
  • ERROR: ICF service for Clickjacking Framing Protection is not active.  (termination: ERROR_MESSAGE_STATE)
  • /sap/public/bc/bsp/Design2008/themes/themename/ net::ERR_ABORTED 403 (Forbidden)
  • /sap/public/bc/uics/.../ClickjackingFramingProtection.js net::ERR_ABORTED 403 (Forbidden)



  • SAP NetWeaver
  • Protection against Clickjacking attacks is activated 
  • Web Dynpro ABAP
  • SAP NetWeaver Application Server for SAP S/4HANA
  • ABAP PLATFORM - Application Server ABAP


ABAP platform all versions ; SAP NetWeaver Application Server for ABAP for SAP S/4HANA all versions ; SAP NetWeaver all versions


clickjacking, SICF, 403, inactive, activate, SAP Internal Server Error, UI redressing attack, Framing Protection, Framing, IFrame, UI Redressing, X-FRAME-OPTIONS, ICF-Service für ClickJacking-Framing-Protection ist inaktiv, cannot be processed in plugin mode HTTP, 031, WEBDYNPRO_RT, WDA_GDPR, forbidden, net::ERR_ABORTED, allowlist, includelist, prefer list, design2008, bsp, its, WDA, Web Dynpro ABAP, dynpro , KBA , e webdynpro_rt 031 , http_whitelist , whitelist , webgui , BC-WD-ABA , Web Dynpro ABAP , BC-FES-WGU , SAP GUI for HTML , BC-FES-ITS , SAP Internet Transaction Server , BC-WD-UR , Unified Rendering , BC-MID-ICF , Internet Communication Framework , BC-FES-BUS , Netweaver Business Client , BC-BSP , Business Server Pages , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.