Relax settings for web frame:
<Location "/ipa"> . . . # Header always append X-Frame-Options DENY # Header always append Content-Security-Policy "frame-ancestors 'none'" Header append X-Frame-Options ALLOWALL Header always set Content-Security-Policy: "frame-src 'self' *.SantaBarbaraDataSystems.com;" Header always set Content-Security-Policy: "frame-ancestores 'all';" </Location>