Content-Security-Policy: default-src 'self' ; connect-src 'self' https://www.apple.com ; font-src 'self' https://*.apple.com https://*.cdn-apple.com ; frame-ancestors 'none' ; frame-src https://idmsa.apple.com https://idmsa.apple.com.cn https://signin.apple.com https://idmsauth.corp.apple.com ; img-src 'self' https://*.apple.com https://*.cdn-apple.com https://*.mzstatic.com data: ; object-src 'self' ; script-src 'self' https://*.cdn-apple.com https://ssl.apple.com https://www.apple.com ; style-src 'unsafe-inline' 'self' https://*.cdn-apple.com https://ssl.apple.com https://www.apple.com ;