To resolve this, please enable "
X-Frame-Options protection" under:
System > Configuration > Security > Miscellaneous > X-Frame-Options protection
X-Frame-Options protection - You can choose to defend against click-jacking attacks by adding X-Frame-Option header to all the IVE generated pages. If this is not enabled, then only welcome.cgi will have this header
