<IfModule mod_headers.c> Header set X-Frame-Options "SAMEORIGIN" </IfModule>
X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.
Deny: The page cannot be displayed in a frame, regardless of the site attempting to do so.
SAMEORIGIN: The page can only be displayed in a frame on the same origin as the page itself.