* Rated 4 out of 5 stars

One problem... I put in *.cloudfront.net and cloudfront.net into the destination whitelist and the origin-to-destination whitelist and it's still blocking all *.cloudfront.net by default.
NoScript had no issue whitelisting by the same method; haven't been able to figure it out without having to temp allow per page to keep the whitelist a little cleaner.