This means that your problem does not come from Admin Tools' .htaccess Maker.
Moreover, Admin Tools' Web Application Firewall does not have any feature which could get in the way. You can verify that by first going to Components, Admin Tools, Web Application Firewall, Configure WAF, set Defend against plugin deactivation to No. Then go to Extensions, Plugins and unpublish the System - Admin Tools plugin. You will see that your problem still occurs.
If you give me the URL of a page where this happens I might be able to point you to the right direction. The only thing I can think off the top of my head is that a third party plugin is setting the Content-Security-Policy, but it's equally likely that you are misdiagnosing your problem and the issue is something with the IFRAME itself.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!