A couple things:
for xbox live messages to work, I had to whitelist:
client-s.gateway.messenger.live.com
For 'messages for web' to display a qr code I had to whitelist:
www.google-analytics.com
There were a couple others I whitelisted to get the qr code to appear but this one actually worked after the whitelist.