After some initial investigation, it looks like the cause of the change you've seen was an update in a background service that's involved in our login process. As such, one of the steps for the login flow is now returning this header that's preventing the framing. While I'm looking to get some clarification on this from the team that owns that service, I can say that we've been looking at blocking the ability to frame our login for some time, as it does present a possible security risk by allowing people to embed the login.
While I do hope to have some additional info for you soon, I would strongly suggest not relying on an iframed flow for a long-term solution.
... View more