PayPal Community

For what seems an absolute age I've been trying to get my checkout working to enable my customers to have a stress-free payment.
Everything is fine until the last hurdle, the dreaded checkout/payment page, it loads, the customer fills in his/her details, then they get: 'sorry, things aren't working at the moment, please try later'. The never used to happen, I've been with PayPal for well over a decade, it used to be reliable.

I have been compiling a content security policy, it's an .htaccess header that lives in the root directory of my Apache server.

I tried (unsuccessfully) to use the meta tag version in the 197 pages <head> section, but it was a mega fail.
The whole reason for the Policy is to prevent fraud which I understand, so to my mind, there should be a special page dedicated to giving the directives: script-src style-src 'self' 'nonce' etc to enable PayPal to serve it's purpose, but, having spent entire days & evenings searching the internet and guessing, trying to find the correct ones, I have drawn a blank.
I now have so many urls in my CSP .htaccess it looks ridiculous, but it still shows so many errors (currently there's 7 red blockages and 28 warnings).

I use Chrome Developer & Firefox tools, I check the Policy on every alteration with https://cspvalidator.org/ and https://csp-evaluator.withgoogle.com/

I avoid using 'unsafe-eval' and if I use script-src-elem my site closes down (but script-src-elem falls back to script-src anyway - apparently)
There are so may questions from merchants & developers about this topic, some go back 5 years or more and they *still* don't have any answers.
I'll give you an example:

data

blocked

font-src

hermes:0

https://qncdn.aoscdn.com/local/reccloud.cn/font/online-screen-recorder/digital-display.woff2

blocked

font-src

hermes:0

https://qncdn.aoscdn.com/local/reccloud.cn/font/online-screen-recorder/digital_display.woff2

blocked

font-src

these are the main culprits, there are others, but these persist, even though they're in the font-src directive list, they're still blocked.
As far as I can find out, 'hermes' is a delivery company, I don't even need that anyway as mine is all digital download.
All my other scripts, images, buttons, css work as they should, I've carefully picked up on each one and whitelisted it.
Ms Clarity, PiwikPro, Fetchapp, Translate etc ALL give you the correct directives and where they should be placed - easy peasy, but not our multi-million PayPal company, they like to see us sweat.
If I go to the Help pages there's plenty of cries for help, but no answers. The best I have seen is a load of us stabbing away in the dark in StackOverflow and the likes, all comparing notes and trying each other's results. PayPal's techie team (after a week's wait) just send you to pages that I've already seen, that's not the way it's supposed to be - is it?

There doesn't seem to be a CSP specialist who can give results, I''ve watched loads of YouTube videos, I have paid 2 'developers' so far that gave me their word they could solve this, but both gave up saying that it must be PayPal and therefore out of their hands.

Sorry to rant on, but this is now starting to affect my health and my moods, but I refuse to give up, but now I'm in a cul-de-sac and I'm asking for help.
Thank you for reading. SS