That is a response header set by the domain from which you are requesting the resource (https://www.google.com in your example). They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. It has nothing to do with JavaScript or HTML, and cannot be changed by the originator of the request.
Try https://www.scirra.com/ - this should work normally.
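
The following is an added example, not part of the original answer: a simplified JavaScript model of the check a browser applies to the `X-Frame-Options` response header before rendering a response in a frame, useful for auditing which of your own responses can be framed and by whom. The function name `framingAllowed` and the `embedder.example` URLs are constructed for illustration, and the Content-Security-Policy `frame-ancestors` directive, which takes precedence in browsers that support it, is not modelled.

```javascript
// Added example: models the browser-side X-Frame-Options decision.
// resourceUrl  - URL of the response being loaded into the frame
// xfoHeader    - raw X-Frame-Options header value, or null if absent
// ancestorUrls - URLs of every document above the frame, nearest first
function framingAllowed(resourceUrl, xfoHeader, ancestorUrls) {
  if (xfoHeader == null) return true; // no header: no restriction

  // The header may carry several comma-separated values; compare case-insensitively.
  const values = new Set(
    xfoHeader.split(",").map((v) => v.trim().toLowerCase()).filter((v) => v !== "")
  );
  if (values.size === 0) return true;

  // Conflicting values: block if any recognised keyword is present,
  // otherwise the header is treated as invalid and ignored.
  if (values.size > 1) {
    return !["deny", "allowall", "sameorigin"].some((k) => values.has(k));
  }

  const [policy] = values;
  if (policy === "deny") return false;
  if (policy === "sameorigin") {
    // Every ancestor document must share the resource's origin
    // (scheme + host + port), not just the immediate parent.
    const target = new URL(resourceUrl).origin;
    return ancestorUrls.every((a) => new URL(a).origin === target);
  }
  // Unrecognised values (including the obsolete ALLOW-FROM) are ignored.
  return true;
}

// Constructed sample: the situation described in the answer above.
const cases = [
  ["https://www.google.com/", "SAMEORIGIN", ["https://embedder.example/page"]],
  ["https://www.google.com/", "SAMEORIGIN", ["https://www.google.com/other"]],
  ["https://www.google.com/", null, ["https://embedder.example/page"]],
];
for (const [url, header, ancestors] of cases) {
  console.log(header, ancestors[0], "->", framingAllowed(url, header, ancestors));
}
```

Because the decision is made by the browser from the response headers, nothing in the embedding page's script or markup changes the outcome; only the site serving the resource can relax it.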