Hey jahbrewski,
It looks like the response from that URL is including the header 'X-Frame-Options: SAMEORIGIN'. This header is used to indicate to web browsers that the response should not be rendered in an <iframe> tag. If you have control over the response, ensure that the header is not present.
More info on the 'X-Frame-Options: SAMEORIGIN' header can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header
To see the headers coming from the endpoint, use this on the command line: