The page has attempted to embed a script from Cloudflare but the CSP only allows "default-src 'self'".