This is an IFrame sending a Content Security Policy header containing "frame-ancestors {{GET[policy]}}" and "X-Frame-Options: {{GET[xfo]}}".