Every time I go to edit, I have to open things up to permit connections to jsdelivr.net, which I don’t normally allow because they seldom have content I need. Blind calls to third-party CDNs are risky, you should be minimizing that as much as possible. What happens when (not if) jsdelivr gets compromised and starts serving out malicious code to your well-meaning editors? You should grab whatever content you need from them, VET IT, and then serve it out locally via resources that you control instead.
If I caught, say, my bank pulling stunts like that I’d be out of there immediately.
_H*