O.K. after spending more time on this with the help of this SO post
Overcoming "Display forbidden by X-Frame-Options"
I managed to solve the issue by adding &output=embed
to the end of the url before posting to the google URL:
var url = data.url + "&output=embed";
window.location.replace(url);