In the “Issues” area of Chrome’s Developer Tools, it states: “Some resources are blocked because their origin is not listed in your site’s Content Security Policy (CSP). Your site’s CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.”

Further down it specifies a duosecurity.com URL as blocked. It goes on to explain the issue and recommends some fixes, including: " * (Recommended) If you’re using an allowlist for 'script-src', consider switching from an allowlist CSP to a strict CSP, because strict CSPs are more robust against XSS . See how to set a strict CSP ."

Refused to load the image ‘https://duo.com/’ because it violates the following Content Security Policy directive: “img-src ‘self’”.

This is OK to ignore. The concern is that the page that hosts the Duo Prompt (at the duosecurity.com URL) is blocked.

Do you have an extension like NoScript, Privacy Badger, or Ghostery installed?

Do you have any other firewall/endpoint protection software installed other than what came with Windows and Malware Bytes?

Is JavaScript enabled, or if you have custom site settings for JavaScript are you permitting the Duo sites (for example, you can check this in Chrome at chrome://settings/content > Javascript).

Can you try an incognito or in-private browser window with all your installed browser extensions disabled to see if the behavior persists?

I’ve got NoScript in Chrome only, as well as Malware Bytes but they’re both off, as is ABP ad blocker. I wonder if I should uninstall them completely. No other firewalls or antivirus software other than Windows. Javascript is enabled in Chrome and Duo.com is a permitted site. Since it happens in all browsers, I thought it has something to do with a common Windows issue. Something that must have changed in an update a week ago perhaps. It persists with an upgrade to Windows 11.

Curiously, it has started to work as of yesterday but is inconsistent and will often fail. Sometimes it works if I refresh the page. I have noticed that some other web sites can’t load either. e.g. a popular hardware store chain. If it does load, it’s really really slow. Everything’s fine on my desktop computer though. The very last thing I did was to update Windows apps via the Microsoft store, but I can’t see why that would make a difference.

Hmm… I’m on a mac so I’m trying to remember Windows tips…

• Does this happen wherever you take your laptop (so, network-agnostic; any connection you use is the same)?

• Might your laptop be using an outbound system-wide HTTP proxy? IIRC you can use netsh on Windows to see system-wide proxy settings.

• Have you cleared your browsers’ caches (since you have issues in multiple browsers I don’t really think this would make a difference).

• Are you getting the DNS server assigned automatically by your connected network? Maybe try editing the properties of your network connection to use another DNS server, like 8.8.8.8 (Google’s public DNS server).

• Flush the DNS resolver cache ipconfig /flushdns.

• What if you were try a browser you never used before? Like, if you were to install Opera, and not load any extensions or anything, and still have issues, then definitely it is something in your operating system.

Good luck figuring this out! Maybe some of the Windows client admins here in the community have other ideas.