Applications which run on SAP NetWeaver Application Server for ABAP and are built in following frameworks do not need to adapt anything. Clickjacking framing protection is enabled by the framework automatically.
SAP NetWeaver Application Server for ABAP supports clickjacking framing protection for the following frameworks:
Web Dynpro ABAP
Business Server Pages
Business Server Pages are only protected automatically if they contain a <head></head> section in the HTML. Otherwise they need to be adapted manually (by adding the <head> section or by adapting the solution manually.
NetWeaver Business Client (HTML Client)
Transactions running on Internet Transaction Server (in SAP GUI for HTML)
In addition, depending on the framework, there may be additional steps an administrator needs to take.
For more information, see the security guide for the framework.