Keeping things simple here, we are having issues in our Production environment where the CSP set in Lifetime appear to not be applying correctly, in that despite both "font-src" and "img-src" directives being set to "*" we are seeing fonts and images being blocked, resulting in massive error log spam (10k entries per week currently). In the web browser, the web request shows the correct values of "font-src: *; img-src: * blob;" yet there are still errors showing that fonts and images are being blocked due to CSP. Really not sure why the CSP that are defined are not what's being reflected by the behavior of the app. No other CSP are defined on the IIS server or on any of the specific applications.