My corporate security team did a scan of my server that houses my Joomla website and Community builder came up as a possibly security issue.
Web Application Potentially Vulnerable to Clickjacking - does not set an X-Frame-Options response header in all content responses. This could potentially expose the site to a
clickjacking or UI Redress attack wherein an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.
This is not an issue of CB, but of your web (Apache?) server settings. Joomla itself doesn't handle that header. Just google for that error text, and there are articles writing about that setting. Or better, ask your hoster to add that header to his apache configuration.
beat
