Please note that it seems on HTTPS pages sometimes the X-Frame-Options header is not sent when only the headers are requested although it is there. So always perform both checks.
Check if a frame killer script is one the remote page. If you see the iframe below it works. If you click and you see the other page full screen a frame killer script does run and you cannot include the page.