We have a VS test.abc.com with following csp:

Content-Security-Policy: script-src 'self'

We inject f5 java script file f5_cspm for analytics. Unfortunately the script will be refused to execute. Can anyone explain me this behaviour and tell me what is the right and hopefully secure csp to execute this java script file.

Thanks in advance.