SAP Knowledge Base Article - Preview

3097149 - WDA: HTTP 401 or 500 error for Clickjacking Framing Protection


When calling a web based application (e.g. Web Dynpro ABAP, BSP, ITS) one of the following error appears:

  • 401 Unauthorized error received for request /sap/public/bc/uics/whitelist/ClickjackingFramingProtection.js
  • 500 internal server error. ICF service for Clickjacking Framing Protection is not active



  • /sap/public/bc/uics/whitelist/ClickjackingFramingProtection.js
  • Web Dynpro ABAP
  • SAP NetWeaver
  • SAP Web Application Server for SAP S/4 HANA
  • ABAP PLATFORM - Application Server ABAP


ABAP platform all versions ; SAP NetWeaver all versions ; SAP Web Application Server for SAP S/4HANA all versions


Web Dynpro, Webdynpro, Web Dynpro ABAP, WDA, WDA_GDPR, /sap/public/bc/uics/whitelist/ClickjackingFramingProtection.js, Clickjacking, ClickjackingFramingProtection, 401, Unauthorized, error, BSP, ITS, 500, 500 internal server error, error, ICF service for Clickjacking Framing Protection is not active, Webgui, ClickjackingFramingProtection.js, not active, internal server error , KBA , BC-WD-ABA , Web Dynpro ABAP , BC-FES-WGU , SAP GUI for HTML , BC-FES-ITS , SAP Internet Transaction Server , BC-WD-UR , Unified Rendering , BC-MID-ICF , Internet Communication Framework , BC-FES-BUS , Netweaver Business Client , BC-BSP , Business Server Pages , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.