
    I resolved all the content security warnings by creating a module and adding csp_whitelist.xml to the etc folder of that module.

    Step 1: Create a module.

    Step 2: Add csp_whitelist.xml in the etc folder of the module and copy-paste the below code in that file.

    <?xml version="1.0"?>
    <!--
        Magento_Csp whitelist. Each <policy id="..."> names a CSP directive and each <value>
        inside it is a source that directive will allow.
        NOTE(review): every entry widens what the browser may load. Keep only the hosts this
        storefront actually uses, and prefer an exact host over a "*." wildcard.
        Value ids such as "cloudflare" repeat across policies; presumably they only need to be
        unique within one policy (confirm against csp_whitelist.xsd).
    -->
    <csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
        <policies>
            <!-- script-src: origins allowed to serve JavaScript. The most sensitive directive in this file. -->
            <policy id="script-src">
                <values>
                    <!--CDN-->
                    <!-- NOTE(review): *.cloudflare.com matches every Cloudflare subdomain, including public
                         library CDNs that serve many third-party scripts; narrow to the exact host in use. -->
                    <value id="cloudflare" type="host">*.cloudflare.com</value>
                    <!--Google-->
                    <!-- NOTE(review): *.google.com and *.google.co.in are broad wildcards; confirm which
                         Google hosts the storefront really loads scripts from and list those instead. -->
                    <value id="google-analytics" type="host">*.google-analytics.com</value>
                    <value id="googlecom" type="host">*.google.com</value>
                    <value id="googlein" type="host">*.google.co.in</value>
                    <value id="gtmanager" type="host">*.googletagmanager.com</value>
                    <value id="gstatic" type="host">*.gstatic.com</value>
                    <!--Hotjar-->
                    <value id="hotjar" type="host">*.hotjar.com</value>
                    <!--Criteo-->
                    <value id="criteo" type="host">*.criteo.com</value>
                    <value id="criteonet" type="host">*.criteo.net</value>
                    <!--Github-->
                    <!-- NOTE(review): *.github.io covers every GitHub Pages site, and any GitHub user can
                         publish one. In script-src this trusts script from arbitrary third-party authors.
                         Whitelist only the specific github.io host in use, or self-host the asset. -->
                    <value id="github" type="host">*.github.io</value>
                </values>
            </policy>
            <!-- style-src: origins allowed to serve stylesheets. -->
            <policy id="style-src">
                <values>
                    <!--CDN-->
                    <value id="cloudflare" type="host">*.cloudflare.com</value>
                    <!--Design-->
                    <value id="googlefont" type="host">fonts.googleapis.com</value>
                    <value id="maxcdn" type="host">*.bootstrapcdn.com</value>
                </values>
            </policy>
            <!-- img-src: origins allowed to serve images. -->
            <policy id="img-src">
                <values>
                    <!--CDN-->
                    <value id="cloudflare" type="host">*.cloudflare.com</value>
                    <!-- Exact origin with scheme: the narrow form to prefer over a wildcard. -->
                    <value id="klarna-base" type="host">https://cdn.klarna.com</value>
                    <!--Payments-->
                    <value id="paypal" type="host">*.paypal.com</value>
                    <!--Video-->
                    <value id="vimeocdn" type="host">*.vimeocdn.com</value>
                    <value id="youtube-img" type="host">https://s.ytimg.com</value>
                    <!--Google-->
                    <value id="googlecom" type="host">*.google.com</value>
                    <value id="googlein" type="host">*.google.co.in</value>
                    <!--Data-->
                    <!-- Permits inline data: URIs as image sources. NOTE(review): "data:" is a URI scheme,
                         not a host, although it is declared with type="host"; confirm Magento_Csp emits it
                         as intended, and keep it out of script-src. -->
                    <value id="data" type="host">data:</value>
                </values>
            </policy>
            <!-- connect-src: origins the page may contact via XHR, fetch and similar requests. -->
            <policy id="connect-src">
                <values>
                    <!--Google-->
                    <value id="google-analytics" type="host">*.google-analytics.com</value>
                    <value id="gtmanager" type="host">*.googletagmanager.com</value>
                    <!--CDN-->
                    <value id="cloudflare" type="host">*.cloudflare.com</value>
                    <!--Payments-->
                    <value id="paypal" type="host">*.paypal.com</value>
                    <!--Double Click-->
                    <value id="doubleclick" type="host">*.doubleclick.net</value>
                </values>
            </policy>
            <!-- frame-src: origins that may be embedded in frames on the storefront. -->
            <policy id="frame-src">
                <values>
                    <!--Criteo-->
                    <value id="criteo" type="host">*.criteo.com</value>
                    <value id="criteonet" type="host">*.criteo.net</value>
                    <!--Hotjar-->
                    <value id="hotjar" type="host">*.hotjar.com</value>
                    <!--Google-->
                    <value id="googlecom" type="host">*.google.com</value>
                    <value id="googlein" type="host">*.google.co.in</value>
                    <!--Github-->
                    <!-- NOTE(review): *.github.io allows framing any GitHub Pages site, which anyone can
                         publish; restrict to the specific host that is actually embedded. -->
                    <value id="github" type="host">*.github.io</value>
                </values>
            </policy>
            <!-- font-src: origins allowed to serve web fonts. -->
            <policy id="font-src">
                <values>
                    <!--CDN-->
                    <value id="cloudflare" type="host">*.cloudflare.com</value>
                    <!--Design-->
                    <!-- NOTE(review): fonts.googleapis.com serves the font stylesheet; the font files
                         themselves presumably come from a gstatic host; verify against the browser's
                         CSP reports. -->
                    <value id="googlefont" type="host">fonts.googleapis.com</value>
                    <value id="maxcdn" type="host">*.bootstrapcdn.com</value>
                </values>
            </policy>
        </policies>
    </csp_whitelist>

    Clean the cache and check the site again. Probably all the Content security warnings will be removed by adding the above file in your module.

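    I think it will cover most domains, but if you see any other content security warnings, you can add the reported domain to the csp_whitelist.xml file. Add only the domains your store actually loads resources from, and prefer an exact host over a wildcard, because every whitelisted entry widens what the browser is allowed to load.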

    Hope this article will help you to fix Magento 2.3.5 content security warnings.
