It depends entirely on your own risk analysis. We can’t make this decision for you without knowing the details (and if you want to give details, let me know where I should submit the consulting invoice).

Depends on how secure your seecure network is, but generally speaking I wouldn’t allow it. As you said, it’s way to broad and gives away control of what is loading and what comes on your network.

According to ChatGPT, this is what GStatic is:

Gstatic.com is a domain owned by Google that serves as a content delivery service that caches all unchanging files in a server near the user to reduce load times. It is used to load content from Google’s Content Delivery Network (CDN) and store static data like JS libraries, stylesheets, and images. Gstatic.com also verifies connectivity to the internet for Chrome browser and Android devices. Google hosts its static content on a specific server called Gstatic to reduce bandwidth usage and deliver the content faster. Gstatic.com also allows users to embed Google Maps images on their web pages without requiring JavaScript. Gstatic.com is not a virus, but security software may display pop-ups about it.