These are both cross-origin iframes (using raw ip address).
Regular iframe:
Sandbox iframe with allow-same-origin allow-scripts: