We are working on a security improvement for our portal content (secutiry-content-polices), and we need to include a limitation on script origins in the http header. We include the image, media and frame sources, but we still have a pending to include the platform sources. When we include the source <instance>.service-now.com, we lose access to the instance.

Here is a link to the documentation that we are using to support the activity.