diff --git a/lib/dotcom_web/plugs/secure_headers.ex b/lib/dotcom_web/plugs/secure_headers.ex
index 1f75c25c10..a705057de8 100644
--- a/lib/dotcom_web/plugs/secure_headers.ex
+++ b/lib/dotcom_web/plugs/secure_headers.ex
@@ -12,6 +12,7 @@ defmodule DotcomWeb.Plugs.SecureHeaders do
*.googleapis.com
*.s3.amazonaws.com
analytics.google.com
+ cdn.mbta.com
px.ads.linkedin.com
stats.g.doubleclick.net
www.google-analytics.com
@@ -28,7 +29,9 @@ defmodule DotcomWeb.Plugs.SecureHeaders do
livestream.com
www.youtube.com
www.google.com
+ www.googletagmanager.com
www.instagram.com
+ *.soundcloud.com
],
img: ~w[
img-src
diff --git a/lib/dotcom_web/templates/layout/root.html.eex b/lib/dotcom_web/templates/layout/root.html.eex
index cbd1103ce8..5b8e525634 100644
--- a/lib/dotcom_web/templates/layout/root.html.eex
+++ b/lib/dotcom_web/templates/layout/root.html.eex
@@ -27,7 +27,6 @@
" type="image/png">
" sizes="32x32" type="image/png">
" sizes="16x16" type="image/vnd.microsoft.icon">
-
<%= if google_tag_manager_id() do %>