X-Frame-Option issue

Published 2019-09-13 02:28

Question:

My application has been deployed on JBoss AS 7; an Apache web server sits in the middle, and a public IP is used to access the application. The application is based on Java/Spring/JSF/Hibernate. To avoid clickjacking, I have set X-Frame-Options to SAMEORIGIN in my application as well as in httpd.conf on the Apache server. In a couple of modules, a few pop-ups/new windows are opened to display data. When trying those from the app server directly, they work fine. But in the other case, when trying from the public IP, the pop-ups come up blank. On web debugging I found the error below.

123456.jsf:1 Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN , DENY') encountered when loading 'https://xx.xx.xx.xx/xxx/xxxx/123456.jsf?PA1=16208&PA2=A'. Falling back to 'DENY'. 123456.jsf:1 Refused to display 'https://xx.xx.xx.xx/xxx/xxxx/123456.jsf?PA1=16208&PA2=A' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN , DENY'.

I searched the application as well as the conf file on the Apache server, but did not find where X-Frame-Options was set to DENY.

The value below was found in the response header while trying the pop-up page: X-Frame-Options:"SAMEORIGIN, DENY". Any help is welcome.

Answer 1:

Clickjacking is a security vulnerability and can be well understood from here.

X-Frame-Options is a response header used to indicate whether or not a browser should be allowed to render a page in a 'frame' or 'iframe'. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites. Set the X-Frame-Options header for all responses containing HTML content. The possible values are "DENY", "SAMEORIGIN", or "ALLOW-FROM uri".

The reported issue was related to X-Frame-Options, where DENY was being set in some layer even though I had not configured it. The layers were: my application layer (value set to SAMEORIGIN), the Apache web layer (value set to SAMEORIGIN) and the load balancer layer (value set to DENY by the LB team). That was the reason the pop-ups were coming up blank. After my suggestion, the LB team changed the setting, and my application is now working fine as expected.
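The answer above describes the failure mode precisely: each layer (application, Apache, load balancer) adds its own X-Frame-Options header, the values reach the browser either as repeated headers or merged into one comma-separated line, and the browser resolves the disagreement by falling back to DENY, so the framed pop-up renders blank. The script below is an added diagnostic example, not code from the original post or from Apache/JBoss; it takes a captured response header block (the samples are constructed) and reports the effective framing policy the way the browser log on this page did. The fallback-to-DENY rule it applies is the behaviour quoted in the question's console error.

```python
"""Diagnose conflicting X-Frame-Options headers in a captured HTTP response.

Added example (not from the original post). The response blocks below are
constructed to mirror the situation on this page: several layers each set
X-Frame-Options, and the browser sees either repeated header lines or a
single merged "SAMEORIGIN, DENY" line. Any disagreement between values is
resolved to DENY, as the browser error in the question shows.
"""

from typing import Dict, List, Tuple

# Constructed sample 1: two layers' headers merged by a proxy into one line,
# exactly the shape reported in the question.
MERGED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
X-Frame-Options: SAMEORIGIN, DENY
Cache-Control: no-store
"""

# Constructed sample 2: the same conflict, but as repeated header lines
# (what a load balancer appending its own header typically produces).
REPEATED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
X-Frame-Options: SAMEORIGIN
X-Frame-Options: DENY
"""

# Constructed sample 3: the fixed state after the LB stops adding DENY.
CLEAN_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
X-Frame-Options: SAMEORIGIN
"""


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw header block into (name, value) pairs, names lower-cased.

    The status line and blank lines are skipped; duplicate header names are
    kept as separate entries so repeated headers remain visible.
    """
    pairs: List[Tuple[str, str]] = []
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def xfo_values(headers: List[Tuple[str, str]]) -> List[str]:
    """Collect every X-Frame-Options value, in order of appearance.

    Comma-joined values are split, because intermediaries often merge
    repeated headers into one line ("SAMEORIGIN, DENY"). Values are
    upper-cased since the directive names are case-insensitive.
    """
    values: List[str] = []
    for name, value in headers:
        if name == "x-frame-options":
            values.extend(v.strip().upper() for v in value.split(",") if v.strip())
    return values


def effective_policy(values: List[str]) -> Tuple[str, str]:
    """Return (effective_policy, reason) for a list of observed values.

    A single consistent value is honoured as written; conflicting values are
    resolved to DENY, matching the browser log quoted on this page. No header
    at all means any site may frame the page.
    """
    if not values:
        return "NONE", "no X-Frame-Options header: any site may frame this page"
    distinct = sorted(set(values))
    if len(distinct) == 1:
        return distinct[0], "single consistent value across all layers"
    return "DENY", f"conflicting values {distinct}: browser falls back to DENY"


def diagnose(raw_response: str) -> Dict[str, object]:
    """Produce a small report for one captured response."""
    values = xfo_values(parse_headers(raw_response))
    policy, reason = effective_policy(values)
    return {
        "observed": values,
        "effective": policy,
        "reason": reason,
        # More than one value means more than one layer is setting the header.
        "multiple_layers_suspected": len(values) > 1,
    }


if __name__ == "__main__":
    for label, sample in [("merged", MERGED_RESPONSE),
                          ("repeated", REPEATED_RESPONSE),
                          ("clean", CLEAN_RESPONSE)]:
        print(label, diagnose(sample))
```

Run it against the headers captured with the browser's network panel or curl -I; a report with `multiple_layers_suspected` set is the cue to walk each hop (application, Apache, load balancer) and make exactly one of them responsible for the header.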



Tags: ssl apache