Using a nonce Content Security Policy header for style-src for inline style elements returns errors

It seems like you added the nonce to the script-src directive but not to the style-src directive. This might be the reason that why scripts are working but styles are not.

Possible solution:

"style-src 'self' https://fonts.googleapis.com 'nonce-".tu_custom_nonce_value () ."';".
"script-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://ajax.googleapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com 'nonce-".tu_custom_nonce_value () ."';";