How to show external page in iframe sans Javascript in Firefox?

I’m trying to load an external site in an iframe for my Firefox visitors. The external page is loaded with javascript, and I would like this to be stripped out. For Chrome, the HTML5 sandbox=”” works perfectly, and with IE the security=”restricted” does the job just fine. With Firefox, I’m struggling.

I’ve been using the CSP policy directive as described here, but I can’t seem to get the right configuration. The following line will load the page, but the javascript on the external site still loads.
header("X-Content-Security-Policy: allow 'self'; object-src 'self'; script-src 'self'; frame-src *.externalsite.com; img-src 'self'");

  • Capture contents of Firefox/IE error console through code?
  • Save base64 string as PDF at client side with JavaScript
  • requestAnimationFrame Parallax Scrolling
  • Recording and later playing back DOM changes in Firefox?
  • CSS/Javascript: How to draw minimal border around an inline element?
  • Raising X11 urgent flag from webbrowser
  • I’ve tried dozens of other configurations and seem to have hit a brick wall. Will this work with the CSP directive? Should I look somewhere else to allow an external site to load in an iframe sans javascript in Firefox? Is this even possible in Firefox?

  • Force Firefox to Reload Page on Back Button
  • firefox sdk: how to use emit for sidebar outside widget
  • Javascript, Firefox: how to disable the browser specific cell controls?
  • window.event alternative in Firefox
  • IP Address Lookup in a Firefox Extension
  • How can I convince Firefox to redraw CSS Pseudo-elements?