Many advertising services and external APIs provide iframes to be embedded on external sites, but also require some data to be transferred from one site to the other.
iframe tags are being restricted for many reasons, mostly security. There are iframe busters (or framekillers) that export the iframe behavior in the parent window, takeover the browser, so to speak.
If you need something ‘in-between’, i.e. a controlled iframe on site 1 which, when submitted, loads a new browser page with the request data valid, then add a _parent target to the form, i.e.:
// form data here