Hi @brian929394,

The main problem comes from the way HubSpot cookies and iframes interact, which can be a bit tricky. This often happens when no cookies are related to HubSpot's DOS protection through Cloudflare. Typically, it occurs when a user hasn’t visited a HubSpot domain in the same browser session before. 

Here are your options to address this:

1. Use Request Parameters: Instead of relying on cookies, you can work with the request parameters that HubSpot sends to your application. When your CRM card loads, HubSpot makes a GET request to your endpoint with specific parameters, including the ID and email of the HubSpot user trying to access the card.
2. Domain Configuration: Ensure that your external domain is properly added to your HubSpot account settings, as forms and embeds from unregistered domains may be marked as suspicious.
3. Cookie Banner Configuration: If you use HubSpot's consent banner, you can configure it to appear only on specific domains and URLs to prevent iframe-related issues. 

If you're still having problems, consider creating a custom solution using the HubSpot API endpoints to manage authentication and user sessions independently from the iframe implementation.

Best regards,
Ernesto @ GiantFocal

---

Found this answer helpful?
Marking it as the solution helps both the community and me - thanks in advance!

---