SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.