Set Content-type on AJAX login key request to application/json to hopefully block ad injection
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>blank_page</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body onload="parent.setupIframe(document);">
</body>
</html>