Refused to load the script because it violates the following Content-Security-Policy

Question

I didn't used google tag manager url in my code but it still shows the ERROR and HERE is the Error.

ERROR

Refused to load the script 'https://consent.trustarc.com/v2/notice/jznryc' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.googletagmanager.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

this is the code i am using.

<meta http-equiv="Content-Security-Policy" content=
          "default-src *; 
          style-src 'self' 'unsafe-inline' ; 
          script-src 'self' 'unsafe-inline' https://consent.trustarc.com ; 
          script-src-elem 'self' 'unsafe-inline' ">

Answer 1

The most likely explanation is that two (or more) policies are set. Something is setting another CSP, likely in a response header. You will need to find the policy and modify/remove it.