I’m trying to add Content Security Policy (CSP) frame ancestors in .htaccess file to prevent our website from getting iframed on other websites.
Following is the code:
<IfModule mod_headers.c>
Header set Content-Security-Policy "frame-ancestors 'self';"
</IfModule>
This requires mod_headers to be enabled.
But when we enable mod_headers, it gives us Internal Server Error.

Note: We have a plugin installed that uses mod_header in .htaccess.
Prevent other sites from showing my site via iframe

Note 2: I am using Apache2 Server

Note 3 (Very Important): When we remove the mod_headers added by the above plugin, the CSP header gets added and no error is encountered.
But we do not want to remove the plugin / mod_headers added by the plugin.