diff --git a/etc/csp_whitelist.xml b/etc/csp_whitelist.xml
index 27277a2..1d7b3c3 100644
--- a/etc/csp_whitelist.xml
+++ b/etc/csp_whitelist.xml
@@ -7,14 +7,16 @@
                 <value id="bold_commerce" type="host">api.boldcommerce.com</value>
                 <value id="bold_commerce_staging" type="host">api.staging.boldcommerce.com</value>
                 <value id="cashier" type="host">cashier.boldcommerce.com</value>
+                <value id="bold_braintree_sandbox" type="host">*.sandbox.braintree-api.com</value>
+                <value id="bold_braintree" type="host">*.braintree-api.com</value>
             </values>
         </policy>
         <policy id="script-src">
             <values>
-                <value id="allow_inline_resource" type="host">unsafe-inline</value>
                 <value id="bold_commerce" type="host">api.boldcommerce.com</value>
                 <value id="bold_commerce_staging" type="host">api.staging.boldcommerce.com</value>
                 <value id="cashier" type="host">cashier.boldcommerce.com</value>
+                <value id="bold_paypal" type="host">*.paypal.com</value>
             </values>
         </policy>
         <policy id="frame-src">
@@ -39,6 +41,7 @@
         <policy id="img-src">
             <values>
                 <value id="bold_commerce_static" type="host">static.boldcommerce.com</value>
+                <value id="bold_paypal_images" type="host">*.paypal.com</value>
             </values>
         </policy>
         <policy id="font-src">