nano /etc/apache/sites-available/default-ssl.conf

<VirtualHost *:443>
...
Header always set X-Frame-Options "DENY"
...
</VirtualHost>