It is common for organizations to block requests to external sites from an end users web browser. This is the primary reason outreach content is loaded from Nexus itself, instead of having the iframe reach out to the internet by way of the end users web browser.
The outreach content is dynamic, but as of the original filing date of this ticket I noticed it sends requests to
Whether there is a fallback for fonts in case this external request does not work is irrelevant. Include any fonts directly in the content instead.
In Aug 2020, requests to googleads.g.doubleclick.net were also detected.
Outreach content should not reference external content that does not reside or is accessible through urls on the Nexus server itself.