07-30-2024 09:45 AM
There has been no network change, but about 4 weeks ago I started getting reports that one web page wouldn't load on WiFi. Now almost no pages are loading, on WiFi connections only, and on all 3 SSIDs. LAN traffic is not affected by this. When running Wireshark on a device we could see WiFi traffic was trying to run as TLSv1. Pages try to load until they fail out and say unreachable; you can see traffic leave and return from network and web server on internet. Any internal network traffic to folders or servers is also fine.
I have found no misconfiguration or changes on the core switch (Catalyst 9300) or wireless controller (Cisco 9800 WLC 17.6.4). I spent 3 hours with a TAC confirming no traffic is being blocked or discarded by the firewall.
Has anyone encountered an issue like this or have suggestions to troubleshoot this?
07-30-2024 09:55 AM
If you connect to one of those SSIDs and try to resolve the URLs, does it get a successful response? Can you add the pcap file from Wireshark here?
Is the TLSv1 you see related to the WiFi traffic itself or related to the HTTPS traffic?
07-30-2024 02:16 PM
This is a screenshot and PCAP trying to connect to ESPN.com. It has a partial connection; the screen doesn't fully load.
On this device I have manually changed the internet options to use TLS 1.2, so that is showing, not v1, but this has made little change on connections.
07-31-2024 02:21 PM
The file you shared is not recognised as a pcap file. And you did not answer if you can resolve names when connected to the WiFi network.
Connect to the WiFi network using a laptop, run the command nslookup espn.com and see if you get a response out of it.
08-02-2024 05:38 AM
The site will not let you upload PCAP; you have to change the file extension back to PCAP, but Wireshark should still open it.
Yes, if you nslookup it will resolve.
08-12-2024 06:59 AM
It's possible that a reload of WLC and/or APs will resolve the issue but rather than doing that first upgrade to a TAC recommended version of code (refer to the TAC recommended link below). Currently that would be 17.12.3 (soon 17.12.4 which you might want to consider for additional bug fixes). The upgrade will ensure that WLC and APs are reloaded and at least get you onto a current recommended code version with hundreds of bug fixes since 17.6.4.
What is the actual model of the 9800 WLC you are using?
How many APs?
How many clients?
Rather than simply showing the incompletely loaded espn.com web site, enable browser trace CTRL+SHIFT+I, Network tab, Tick Preserve Log, start recording and then refresh the page. You can export the results to HAR file which can then be viewed with https://toolbox.googleapps.com/apps/har_analyzer/
This will at least show you which components are not loading on the page which might help with troubleshooting.
Have you set TCP MSS adjust to 1250 as recommended?
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#EnableTCPMSSacrossallAPs
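The HAR review suggested in the post above can also be scripted. The following is an added example, not part of the original thread or of any Cisco tool: it reads a HAR 1.2 export and lists the requests that never completed, returned an error or stalled, grouped by host. The function names, the 10-second threshold, the sample hosts and the reliance on the non-standard `_error` field are assumptions made for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

def _entry(url, status, ms, error=None):
    # Helper that builds one constructed HAR 1.2 entry for the sample below.
    resp = {"status": status}
    if error:
        resp["_error"] = error  # non-standard field; assumed present on failures
    return {"request": {"method": "GET", "url": url}, "response": resp, "time": ms}

# Constructed sample standing in for a browser export (hosts are placeholders).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    _entry("https://www.example.com/", 200, 320.0),
    _entry("https://cdn.example.net/app.js", 0, 30012.0, "net::ERR_CONNECTION_RESET"),
    _entry("https://img.example.org/hero.jpg", 200, 15250.0),
    _entry("https://api.example.com/v1/scores", 503, 210.0),
]}})

def failed_entries(har_text, slow_ms=10000):
    """Return (url, reason) for requests that failed, errored or stalled."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        resp = entry.get("response") or {}
        status = resp.get("status", 0)
        elapsed = entry.get("time") or 0
        if status == 0:
            # Status 0 means the browser never got an HTTP response.
            reason = resp.get("_error") or "no response received"
        elif status >= 400:
            reason = f"HTTP {status}"
        elif elapsed >= slow_ms:
            reason = f"slow: {elapsed:.0f} ms"
        else:
            continue
        findings.append((entry["request"]["url"], reason))
    return findings

def by_host(findings):
    """Count problem requests per hostname to show which origins fail."""
    return Counter(urlsplit(url).hostname for url, _ in findings)

if __name__ == "__main__":
    for url, reason in failed_entries(SAMPLE_HAR):
        print(f"{reason:32} {url}")
    print(dict(by_host(failed_entries(SAMPLE_HAR))))
```

Comparing the output from a wired capture and a WiFi capture of the same page shows whether the failures are confined to particular origins or affect every host.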
08-12-2024 11:46 AM - edited 08-12-2024 11:59 AM
What is the actual model of the 9800 WLC you are using? Cisco Catalyst 9800-CL Wireless Controller 17.6.4
How many APs? 23
How many clients? average of 50 - 60 a day
The MSS Enable was already set also.
08-12-2024 03:35 PM
Ok the numbers all sound quite reasonable but would still be worth checking CPU on the WLC (after upgrading the software).
See https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-cl-wireless-controller-cloud/221058-understand-high-cpu-usage-reported-for-t.html
Go through the Best Practices guide (link below)
And use the Config Analyzer (link below) with the output of "show tech wireless" (must be the wireless version of show tech) to check the WLC config.
08-13-2024 08:45 AM
I am planning an update tonight for software. I have a TAC ticket open since last week; they have unfortunately been able to see anything misconfigured or causing an issue at this point also.
07-30-2024 05:33 PM
Use iperf and check the speed.
MHM
07-31-2024 01:42 PM - edited 07-31-2024 01:47 PM
Ran iperf; used a wired connected PC on a different VLAN as server, WiFi PC as client.
Connecting to host 192.168.120.14, port 5201
[ 5] local 192.168.215.29 port 53070 connected to 192.168.120.14 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.01 sec 21.0 MBytes 175 Mbits/sec
[ 5] 1.01-2.01 sec 20.2 MBytes 170 Mbits/sec
[ 5] 2.01-3.00 sec 19.8 MBytes 167 Mbits/sec
[ 5] 3.00-4.01 sec 20.0 MBytes 166 Mbits/sec
[ 5] 4.01-5.00 sec 20.0 MBytes 170 Mbits/sec
[ 5] 5.00-6.01 sec 21.0 MBytes 175 Mbits/sec
[ 5] 6.01-7.00 sec 18.5 MBytes 157 Mbits/sec
[ 5] 7.00-8.00 sec 21.0 MBytes 176 Mbits/sec
[ 5] 8.00-9.01 sec 20.6 MBytes 171 Mbits/sec
[ 5] 9.01-10.01 sec 20.5 MBytes 173 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 203 MBytes 170 Mbits/sec sender
[ 5] 0.00-10.01 sec 202 MBytes 170 Mbits/sec receiver
07-30-2024 09:04 PM
Question: if you put a laptop connected via LAN on the same VLAN that WiFi drops to, do you get the page to load?
This will rule out if the issue is between Client<>AP<>WLC. Recommend using the same client that is not working from WiFi.
Also is a proxy configured on the devices?
07-31-2024 08:13 AM
Connecting on the LAN on same VLAN everything loads as it should.
No web proxies are on the network.
08-02-2024 03:44 PM
If you use IPS firewalls look for a blocked IP address in the policies.