X Frame Options are deprecated, add the following to the top of your .htaccess file: Header set Content-Security-Policy "frame-ancestors none;"
This will prevent clickjacking. 😉
P.S. You cannot use <meta> for this purpose.
If you do want to use X Frame Options, then just put this into the top of your .htaccess file: Header set X-Frame-Options "DENY"
You are welcome to put both in if it makes you feel more comfortable & secure.