Some browsers may be moving to a more modern approach by using the "Content-Security-Policy" (CSP) header with the frame-ancestors directive instead of "X-Frame-Options".
Maybe you can try:
middlewares
x-frame-options:
headers:
contentSecurityPolicy: "frame-ancestors *;"
Therefore if you embeds iframe from your own domain/subdomains, it's more safe to use:
middlewares
x-frame-options:
headers:
contentSecurityPolicy: "frame-ancestors 'self';