--> Many website owners nowadays add X-Frame-Options to their website headers to avoid clickjacking attacks.

--> If X-Frame-Options header set to SAMEORIGIN by website owner then the site will not open in iFrame of modern browsers such as Chrome, Edge, etc. and it will give the error "Refuse to connect"

--> To know that this header is enabled, make a request of browser console logs from the user as follows,

    1) Please open the scorecard URL (For example, http://stmsql:8080/scorecards/2795) directly in Chrome and use the developer tools to send us the request and response headers.
    2) Right-click on the page where you opened the URL and click on inspect.
    3) In the Developer tools pane, click on the Network tab and then click the browser's refresh button.
    4)Please click on your scorecard URL in the list of Name section which is displayed after refresh.
    5)In the headers section displayed at the right, copy all the content and share it with Tibco Support.

--> If browser console logs show X-Frame-Options: SAMEORIGIN or X-Frame-Options: Deny then request the user to contact website/app vendor to check on the resolution otherwise raise a Jira with Engineering to check further.

--> There are chrome extensions are also available to by pass this but we can not suggest user as this is a security feature and it is all depends on user if they want to enable the chrome extension or not.