The problem: when you enable X-Frame-Options globally, you won't be able to embed your posts with the latest WordPress post embed method.
The solution: you can simply exclude the embed pages in your Nginx configuration. I'll use an Nginx map for better performance:
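# The map block goes in the http context.
map $request_uri $x_frame_options_headers {
    default SAMEORIGIN;
    # Matching WordPress embed page, i.e. https://example.com/my-post/embed#?secret=vLi4CQcWkH
    # (the #?secret=... fragment is never sent to the server).
    # Anchored to the end of the path so that URIs which merely contain "/embed"
    # (for example in the query string) keep the header.
    ~^[^?]*/embed/?(\?|$) "";
}
# Don't allow the browser to render the page inside a frame or iframe on another origin.
# When the mapped value is empty, Nginx omits the header.
add_header X-Frame-Options $x_frame_options_headers;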
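
An added check, not part of the original post: a Python emulation of the map lookup over constructed request URIs, comparing an unanchored `/embed` match with one anchored to the end of the path. Python's `re` stands in for Nginx's PCRE matching, and the sample URIs and function names are assumptions.

```python
import re

# Constructed sample request URIs. The "#?secret=..." fragment of a WordPress
# embed URL never reaches the server, so it does not appear in $request_uri.
SAMPLES = [
    "/my-post/embed",
    "/my-post/embed/",
    "/my-post/embed/?utm=1",
    "/my-post/",
    "/embedded-systems/",
    "/my-post/?ref=/embed",
]

# Nginx "~pattern" map entries are unanchored searches, like re.search().
LOOSE = re.compile(r"/embed")                   # matches "/embed" anywhere in the URI
ANCHORED = re.compile(r"^[^?]*/embed/?(\?|$)")  # path must end in /embed or /embed/


def x_frame_options(request_uri, pattern):
    """Emulate the map: a regex hit yields "" (header omitted), else the default."""
    return "" if pattern.search(request_uri) else "SAMEORIGIN"


def unprotected(pattern, uris=SAMPLES):
    """Return the URIs that would be served without X-Frame-Options."""
    return [u for u in uris if x_frame_options(u, pattern) == ""]


if __name__ == "__main__":
    for uri in SAMPLES:
        loose = x_frame_options(uri, LOOSE) or "(omitted)"
        anchored = x_frame_options(uri, ANCHORED) or "(omitted)"
        print(f"{uri:28} loose={loose:12} anchored={anchored}")
```

Against a live server, `curl -sI` on an embed URL and on a normal post URL should show the header missing only on the former.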