I attempt to place a X-FRAME-Choices to the http header to avoid the Clickjacking attack. Basically set the header within the httpd.conf or .htaccess file such as this, it really works.

Header set X-Frame-Options SAMEORIGIN

But you will find several locations that while using iFrame by myself website, basically do that, it will likewise block the iFrame by myself website. And So I consider adding a exception for my very own website. Check when the request comes from my very own website, then permit the iFrame around the page. I attempted this, however it did not work.

SetEnvIf Host http://myownwebsite\.com iframes_are_cool
Header set X-Frame-Options SAMEORIGIN env=!iframes_are_cool

Could someone assist me to with this particular?