X-Frame-Options HTTP Header stays set to 'Origin Only' even after I've modified apache config files



I’m using the prebuilt apache/php setup.

I’ve switched on Header Mod and uncommented the X-Frame_Origins directive in the security.conf file, but it doesn’t change the setup. It’s clearly set in some other .conf file—where?

Any help would be much appreciated!!