It’s because UoD don’t want you embedding their site on yours and have configured X-Frame-Options to deny other domains from doing so.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
There are ways around this. You can proxy their page through a server you control and re-serve it without the header. This is probably a bit naughty.