That Google Sites page has
a content security policy[
^] applied. Unless your page is hosted on either
sites.google.com
or
google-admin.corp.google.com
, it cannot include the page from Google Sites in an
<iframe>
.
Content-Security-Policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'nonce-kTJrTU3cDGn9YFmKcreUcQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https:
You're also going to hit the same-origin policy: unless your page is hosted on
sites.google.com
, it won't be able to access or manipulate the DOM of a page loaded from
sites.google.com
.
If you're in control of both pages, you
may be able to use
postMessage()[
^] to overcome that restriction.