I added iconify to allowed scripts but I get error in console for page Refused to load the script 'https://code.iconify.design/3/3.1.0/iconify.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Same issue for google tags

Seems its an issue of Iconify. According to https://github.com/iconify/iconify/issues/16 and https://github.com/ScratchAddons/ScratchAddons/issues/56 Iconify developer don't going to fix it. There is a workaround with rebuilding Iconify lib. Another option is add 'unsafe-inline' option, but it makes your script vulnerable. Or use another (safe) library.