What version if Q2A are you using? It sounds like an old issue we had with Apache mod_security. See here for details. But it should be fixed in the latest version of Q2A (1.8)
I think the line numbers given in that answer will be wrong now so look for the code that's similar to this:
'<iframe src="' . qa_path_html('url/test/' . QA_URL_TEST_STRING, array('dummy' => '', 'param' => QA_URL_TEST_STRING), null, $rawoption) . '" width="20" height="16" style="vertical-align:middle; border:0" scrolling="no"></iframe> ' .
and comment it out, see if it fixes the issue.