I had the same issue. For me the cause was a trailing slash at the end of the url.

Doesn't work:

<iframe src="http://example.com/some/sub/folder/"></iframe>

Works:

<iframe src="http://example.com/some/sub/folder"></iframe>

Why no one has mentioned CORS yet?

FROM mdn

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.

An example of a cross-origin request: A HTML page served from http://domain-a.com makes an src request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images, and scripts from separate domains, such as content delivery networks (CDNs).

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request HTTP resources from the same domain the application was loaded from unless CORS headers are used.

This means that the websites you are trying to enter from the iframe are set to deny requests from your site or others (if not all).

As of 05/2018, the iframe lead is denied by browser due to X-Frame-Options header set to 'sameorigin'.

Tested the page with Firefox and getting blank iframe. Here is what console says:

Load denied by X-Frame-Options: https://www.w3schools.com/ does not permit cross-origin framing.

Why that?I'll give Chrome console a chance, here's what it says:

Refused to display 'https://www.w3schools.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Basically, X-Frame-Options header (do not confuse that with CORS), is set to 'sameorigin', that means that the browser is allowed to display the iframe content only if embedded in same domain and same protocol (https://www.w3schools.com/ is not sameorigin of http://www.w3schools.com/).

Here are some docs aboiut x-frame-options: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

If you are trying to add this Iframe on a SSL-encrypted website (https://), it won't work any more since Firefox 23 because Mozilla has decided to blocked all unencrypted content on encrypted websites (for example http-iframes on https-websites). You can change this behaviour in your own Firefox installation by typing about:config in the address bar and setting security.mixed_content.block_active_content to false. But that won't help you for all other FF23-visitors on your website.

I don't know if its related but when I try to request w3schools by c# it responses 503 forbidden error. So they may use something to prevent showing up on iframes, etc. Facebook has similiar restrictions, you cannot display their likebox iframe unless you log in.