Posted by ErmanArslansOracleBlog on Jan 31, 2022; 5:08pm
URL: http://erman-arslan-s-oracle-forum.124.s1.nabble.com/Request-Header-for-Html-pages-tp10599p10606.html

That configuration is in oracle_apache.conf..

It is enabled by default and it protects the system against clickjacking by setting the X-Frame-Options HTTP header.

"Header set X-Frame-Options SAMEORIGIN" --> This line should be there already in the oracle_apache.conf and it will allow EBS pages to be framed by other EBS pages, but! not framed by outside EBS page

For more information ->

Oracle E-Business Suite Security Guide Release 12.2, "Using Certified HTTP Security Headers"
Document 403537.1, Secure Configuration for Oracle E-Business Suite Release 12.1, "Use Certified HTTP Security Headers"