How to show external page in iframe sans Javascript in Firefox?

I'm trying to load an external site in an iframe for my Firefox visitors. The external page is loaded with javascript, and I would like this to be stripped out. For Chrome, the HTML5 sandbox="" works perfectly, and with IE the security="restricted" does the job just fine. With Firefox, I'm struggling.

I've been using the CSP policy directive as described here, but I can't seem to get the right configuration. The following line will load the page, but the javascript on the external site still loads.

header("X-Content-Security-Policy: allow 'self'; object-src 'self'; script-src 'self'; frame-src *.externalsite.com; img-src 'self'");

I've tried dozens of other configurations and seem to have hit a brick wall. Will this work with the CSP directive? Should I look somewhere else to allow an external site to load in an iframe sans javascript in Firefox? Is this even possible in Firefox?