Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-FBKZ3XTH07' because it violates the following Content Security Policy directive: "script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-4/NBGRXN0VS9BRqGWrap+g76vlou7Y'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-4/NBGRXN0VS9BRqGWrap+g76vlou7Y'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.