Hello!
Setting up the CSP header is a very complex and difficult task. The plugins used on the site may have different settings so there are no general standards.
So first of all to set up CSP headers, I would suggest you please use this plugin:https://wordpress.org/plugins/content-security-policy-pro/. It also gives the option to disable the CSP on the back-end so no plugin conflict arises.
I have personally not tested it but it seems effective in defining CSP and has a simple interface. Please also remember that it is a third-party plugin and we do not guarantee that it will work with your setup but you can give it a try.
Another way is to add the CSP rules to the .htaccess file. You will have to add rules for google font, analytics, etc.
I see this detailed document you can take help from for adding your rules to .htaccess.
https://walterebert.com/blog/using-csp-wordpress/
Please let me know if you have any concerns regarding this, we would love to assist you.
Thank you!