Our IT administrator has found the issue and resolved. There was an additional set of config files on apache server (cos you need another another set right?!) one particularly for anti click jacking and so he applied the same specs and all now working beautifully.
In reply to Mata Henry
Re: Content Security Policy - disabling SCORM framed content [Solved]
by Helen Foster -
Good to hear that everything is working fine now. Thanks for sharing your solution to the problem.