diff --git a/common/shield_exceptions.cc b/common/shield_exceptions.cc index 5bb161b68217..5a1e78618f18 100644 --- a/common/shield_exceptions.cc +++ b/common/shield_exceptions.cc @@ -76,11 +76,17 @@ bool IsWhitelistedReferrer(const GURL& firstPartyOrigin, } } - static std::map > whitelist_patterns_map = {{ + static std::map > whitelist_patterns_map = { + { GURL("https://www.facebook.com/"), { URLPattern(URLPattern::SCHEME_HTTPS, "https://*.fbcdn.net/*"), } - } + }, + { + GURL("https://accounts.google.com/"), { + URLPattern(URLPattern::SCHEME_HTTPS, "https://content.googleapis.com/*"), + } + }, }; std::map >::iterator i = whitelist_patterns_map.find(firstPartyOrigin); diff --git a/common/shield_exceptions_unittest.cc b/common/shield_exceptions_unittest.cc index 0a6c11e87330..b2b72525e6ee 100644 --- a/common/shield_exceptions_unittest.cc +++ b/common/shield_exceptions_unittest.cc @@ -48,6 +48,11 @@ TEST_F(BraveShieldsExceptionsTest, IsWhitelistedReferrer) { // not allowed with a different scheme EXPECT_FALSE(IsWhitelistedReferrer(GURL("http://binance.com"), GURL("http://api.geetest.com/"))); + // Google Accounts only allows a specific hostname + EXPECT_TRUE(IsWhitelistedReferrer(GURL("https://accounts.google.com"), + GURL("https://content.googleapis.com/cryptauth/v1/authzen/awaittx"))); + EXPECT_FALSE(IsWhitelistedReferrer(GURL("https://accounts.google.com"), + GURL("https://ajax.googleapis.com/ajax/libs/d3js/5.7.0/d3.min.js"))); } } // namespace
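Review bot: The new `accounts.google.com` entry allows the referrer through for every path on `content.googleapis.com`, while the accompanying test only exercises `/cryptauth/v1/authzen/awaittx`. That host looks like a shared API front end, so if only the cryptauth endpoint needs the referrer, a narrower pattern such as `"https://content.googleapis.com/cryptauth/*"` would keep the exception to what is required. The entry also has no comment recording why it exists; a line such as `// Google sign-in (cryptauth) needs the referrer; see <ISSUE-LINK>.` above the `GURL("https://accounts.google.com/")` key would help later audits of the list. IsWhitelistedReferrer starts and ends outside the hunk.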
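Review bot: The only negative case added is a different `googleapis.com` subdomain, so nothing pins the exception to the `accounts.google.com` first party or to HTTPS. I would add a case with another Google origin as first party, `EXPECT_FALSE(IsWhitelistedReferrer(GURL("https://www.google.com"), GURL("https://content.googleapis.com/cryptauth/v1/authzen/awaittx")));`. I would also add one with `GURL("http://content.googleapis.com/")` as the subresource, mirroring the existing different-scheme check just above. Both assume no other rule in IsWhitelistedReferrer, which is not visible in this hunk, already allows those pairs. The test body starts outside the hunk.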