This is the code that i'm using for my htaccess but somehow the menu is not working im using Astra and Elementor,
Header always set Content-Security-Policy "\
default-src 'self' 'unsafe-eval' 'unsafe-inline'; \
font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com https://maxcdn.bootstrapcdn.com; \
img-src 'self' data: https: *.gravatar.com; \
script-src 'self'; \
manifest-src 'self'; \
media-src 'self' https://wistia.com https://youtube.com; \
frame-src 'self' https://dataon.ph https://greatdayhr.ph https://js.intercomcdn.com https://forms.office.com/ https://wordpress.com/ https://wordpress.org/ https://intercom.com https://wordpress.org/plugins https://widget.intercom.io/widget/cl2yoxkc https://api-iam.intercom.io; \
base-uri 'none'; \
frame-ancestors 'none'; \
report-uri https://65e16e9e354c350f2911915f.endpoint.csper.io/?v=3; \
worker-src blob:;\
connect-src 'self' https://dataon.ph https://greatdayhr.ph https://js.intercomcdn.com https://api-iam.intercom.io https://px.ads.linkedin.com https://reallyfreegeoip.org https://www.google-analytics.com wss://nexus-websocket-a.intercom.io https://intercom.com https://widget.intercom.io/widget/cl2yoxkc https://api-iam.intercom.io; \
style-src 'self' 'unsafe-inline' https: fonts.googleapis.com ajax.googleapis.com downloads.mailchimp.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.gstatic.com; \
object-src 'none'; \
#require-trusted-types-for 'script';"
Need help for the issue i need to improve