What is the name of the domain?
https://www.cwsparkinson.co.uk
What is the error message?
Refused to execute inline script because it violates the following Content Security Policy directive
What is the issue you’re encountering
Cloudflare is injecting inline JS code into the site as part of BotFightMode but is not adding the nonce to the tag (even though one exists in the CSP header).
What steps have you taken to resolve the issue?
I have followed the documentation: JavaScript detections | Cloudflare bot solutions docs here
which says to add a nonce to the CSP.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
Go to the website
Open developer tools (F12)
Note “Refused to execute inline script” error in console