domain name system – Firewall rules to access Google-Cloud-Storage from the outside world

I deploy an application that relies on GCS on a customer's site.
The client firewall allows domains to be whitelisted for outgoing connections. So I added the white list to known GCS domains (storage.googleapis.com, googleapis.com, crl.pki.goog).

However, because GCS uses CNAME redirects, a request to storage.googleapis.com is sometimes redirected to another address, for example "storage.l.googleusercontent.com".

How can I get a complete list of all whitelisted domains?
And if additional domains are added in the future? Is there a way to add them to the whitelist?

thank you,
Yair