There are a couple reasons why your iframe is being blocked:
1) Security Headers
By default, Sucuri Firewall enables the "Additional Security Headers added to your site" option on the Security tab to add recommended security headers to your site and protect you against some forms of XSS and clickjacking attacks. However, it could block external source iframes.
To solve that problem, you just need to deselect the "Additional Security Headers added to your site" option on the Security tab of the Firewall dashboard.
2) Mixed Content Issue
If you try to iframe a page or file using HTTP on a HTTPS page, it’ll not work. The iframe must be HTTPS as well. You can read more about Mixed Content Warnings here.
3) PHP Iframe
When possible, use require(), include() or require_once() functions instead of iframing PHP files, but if you really need to iframe a PHP file, you may need to whitelist the PHP file due to the backdoor filter.
If even after following these steps and waiting a couple minutes, your iframe still doesn’t work, please open a support ticket so we can further investigate the issue.