If the external domain is not yours, there is not much you can do to overcome this security limitation of the browser. It was designed to work like this.
As explained on MDN X-Frame-Options
The X-Frame-Options HTTP response header can be used to indicate whether
or not a browser should be allowed to render a page in a
Sites can use this to avoid clickjacking attacks, by ensuring that their content is
not embedded into other sites.
The added security is only provided if the user accessing the document is
using a browser supporting X-Frame-Options.