Posting in case anyone else has this issue. We were getting errors loading iframes in the
Keycloak console due to the X-Frame-Options being set to “deny” by default in our
environment (Cloud Foundry). The fix was to set the X-Frame-Options explicitly in the
undertow/jboss subsystem configuration in the configuration file (e.g., standalone.xml).
We just added a response-header filter and pointed to it with a filter-ref under the
default-host setting.
Our XML looks like this:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
    <buffer-cache name="default" />
    <server name="default-server">
        <http-listener name="default" socket-binding="http"
            redirect-socket="https" enable-http2="true" />
        <https-listener name="https" socket-binding="https"
            security-realm="ApplicationRealm" enable-http2="true" />
        <host name="default-host">
            <location name="/" handler="welcome-content" />
            <filter-ref name="xFrameOptions" />
        </host>
    </server>
    <servlet-container name="default"
        eager-filter-initialization="true">
        <jsp-config />
        <websockets />
    </servlet-container>
    <handlers>
        <file name="welcome-content"
            path="${jboss.home.dir}/welcome-content" />
    </handlers>
    <filters>
        <response-header name="xFrameOptions"
            header-name="X-Frame-Options" header-value="SAMEORIGIN" />
    </filters>
</subsystem>
Hope this helps.
--
Keats Kirsch
Auth Lead
Axle Informatics
http://axleinfo.com/
Keats.Kirsch@axleinfo.com
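
Added example, not part of the original post: a small Python check that reads an Undertow subsystem like the one above and reports, per host, which X-Frame-Options value is actually wired in through a filter-ref. The sample XML and the host name "admin-host" are constructed for illustration; only host-level filter-ref elements are inspected.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the filter is defined, but "admin-host" (hypothetical)
# never references it, so that host would not send the header.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:3.1">
  <server name="default-server">
    <host name="default-host">
      <location name="/" handler="welcome-content"/>
      <filter-ref name="xFrameOptions"/>
    </host>
    <host name="admin-host">
      <location name="/" handler="welcome-content"/>
    </host>
  </server>
  <filters>
    <response-header name="xFrameOptions"
                     header-name="X-Frame-Options" header-value="SAMEORIGIN"/>
  </filters>
</subsystem>"""


def local(tag):
    """Strip the XML namespace so any undertow subsystem version matches."""
    return tag.rsplit("}", 1)[-1]


def frame_options_by_host(xml_text):
    """Map each Undertow host name to the X-Frame-Options value it sets, or None."""
    root = ET.fromstring(xml_text)
    result = {}
    for sub in root.iter():
        if local(sub.tag) != "subsystem" or ":undertow:" not in sub.tag:
            continue
        # response-header filters that set X-Frame-Options, keyed by filter name
        xfo = {f.get("name"): f.get("header-value")
               for f in sub.iter()
               if local(f.tag) == "response-header"
               and (f.get("header-name") or "").lower() == "x-frame-options"}
        for host in sub.iter():
            if local(host.tag) != "host":
                continue
            # A filter that is defined but not referenced by the host is never applied.
            refs = [c.get("name") for c in host if local(c.tag) == "filter-ref"]
            values = [xfo[r] for r in refs if r in xfo]
            result[host.get("name")] = values[0] if values else None
    return result


if __name__ == "__main__":
    for host, value in frame_options_by_host(SAMPLE).items():
        print(f"{host}: {value or 'no X-Frame-Options filter-ref'}")
```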