2389051 - ICF service for Clickjacking Framing Protection is not active

When calling a web based application (e.g. Web Dynpro ABAP, BSP, ITS) the following error appears:

• 500 SAP Internal Server Error
• ERROR: ICF service for Clickjacking Framing Protection is not active.  (termination: ERROR_MESSAGE_STATE);
• /sap/public/bc/bsp/Design2008/themes/themename/ net::ERR_ABORTED 403 (Forbidden);
• /sap/public/bc/uics/.../ClickjackingFramingProtection.js net::ERR_ABORTED 403 (Forbidden);
• Message E S_PROFGEN_START_AUTH 000 cannot be processed in plugin mode HTTPS;

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

• SAP NetWeaver
• Protection against Clickjacking attacks is activated 
• Web Dynpro ABAP
• SAP NetWeaver Application Server for SAP S/4HANA
• ABAP PLATFORM - Application Server ABAP

clickjacking, SICF, 403, inactive, activate, SAP Internal Server Error, UI redressing attack, Framing Protection, Framing, IFrame, UI Redressing, X-FRAME-OPTIONS, ICF-Service für ClickJacking-Framing-Protection ist inaktiv, cannot be processed in plugin mode HTTP, 031, WEBDYNPRO_RT, WDA_GDPR, forbidden, net::ERR_ABORTED, allowlist, includelist, prefer list, design2008, bsp, its, WDA, Web Dynpro ABAP, dynpro, 500 Internal Server Error, dbacockpit, dba cockpit, 500, not active, Message E S_PROFGEN_START_AUTH 000 cannot be processed in plugin mode HTTPS. , KBA , webgui , whitelist , e webdynpro_rt 031 , http_whitelist , BC-WD-ABA , Web Dynpro ABAP , BC-FES-WGU , SAP GUI for HTML , BC-FES-ITS , SAP Internet Transaction Server , BC-WD-UR , Unified Rendering , BC-MID-ICF , Internet Communication Framework , BC-FES-BUS , Netweaver Business Client , BC-BSP , Business Server Pages , Problem