Content-Security-Policy: default-src 'self' apple.com *.apple.com *.cdn-apple.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: apple.com *.apple.com *.cdn-apple.com; style-src 'self' 'unsafe-inline' apple.com *.apple.com *.cdn-apple.com; img-src 'self' data: blob: apple.com *.apple.com *.cdn-apple.com; connect-src 'self' apple.com *.apple.com *.cdn-apple.com; font-src 'self' apple.com *.apple.com *.cdn-apple.com; object-src apple.com *.apple.com *.cdn-apple.com; media-src 'self' apple.com *.apple.com *.cdn-apple.com; form-action 'self' apple.com *.apple.com; frame-ancestors 'self' apple.com *.apple.com; base-uri 'self' apple.com *.apple.com;