Clearly there is *NOTHING* you can do if the contents of the <iframe> are not coming from the *SAME SITE* and the *SAME SECURITY LEVEL* as the main page.
I see that the URL for the <iframe> starts with "https://".
Let's pretend the full URL is something like "https://www.sitex.com/page32.php"
"https://www.sitex.com/...and only this part can differ..."
Sorry, but those are the rules. It is called "cross site scripting" and is disallowed by all browsers.
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.