I have a requirement to set the X-Frame options on the server level to either:
X-Frame-Options: SAMEORIGIN X-Frame-Options: A
I had a similar requirement and i handled in global.asax. i checked from where the request is coming and based on that i changed the header value to either sameorigin or allow-from. hope that helps.