We've added a blacklist of url schemes and CSP. I'd like to have a whitelist if I can find one with all known-good schemes we'd like to be able to support. Know of one?