Content-Security-Policy: default-src 'self' *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.akamaized.net;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.apple.com *.apple.com.cn *.apple-mapkit.com;  style-src 'self' 'unsafe-inline' blob: *.apple.com *.apple.com.cn;  img-src 'self' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com;  font-src 'self';  object-src 'none';  worker-src 'self' blob: *.apple.com *.apple.com.cn;  base-uri 'self';  form-action 'self';  frame-ancestors 'none';, default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com https://smb.apple.com https://nova.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com