I am planning to set X-Frame-Options SAMEORIGIN in my server's httpd.conf as part of improving the defenses against clickjacking. I understand this will add the X-Frame-Options header to all pages. There is a "widget" page that I would like to exempt from this (other sites will display this page inside an IFRAME).
Is there a way to configure Apache 2 to not send the header for a specific page alone?