I tried the one below, and apparently it works in third site and self site (translatum). The only strange issue is that it does not load the iframe on third site using Chrome proper (and checking source it reads "your browser does not support iframes"), but it loads it in an incognito window.
header('Content-Security-Policy: frame-ancestors http://magicsearch.org https://www.translatum.gr');
Edit: found the culprit, it was the Privacy Badger extension