As you can see there is error about content security policy.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https://forum.warthunder.com/logs/ https://forum.warthunder.com/sidekiq/ https://forum.warthunder.com/mini-profiler-resources/ https://forum.warthunder.com/assets/ https://forum.warthunder.com/brotli_asset/ https://forum.warthunder.com/extra-locales/ https://forum.warthunder.com/highlight-js/ https://forum.warthunder.com/javascripts/ https://forum.warthunder.com/plugins/ https://forum.warthunder.com/theme-javascripts/ https://forum.warthunder.com/svg-sprite/ https://www.googletagmanager.com/gtm.js 'nonce-857b78b0187f8ee53100212842747417' 'sha256-HZxBMVZe6P3MvHDZlFai9cUmLH+qwX6BNT3qTwNPATg='". Either the 'unsafe-inline' keyword, a hash ('sha256-93qwY4D574Ysts67Kmc0jpUYGBwBuG9q6hhQl+Kk9us='), or a nonce ('nonce-...') is required to enable inline execution.
Urls are good in CSP header, and nonce is correct.
I read that article and alot of others on this forum, and nothing helped
Main page set CSP header correcly, there is gtm address in script src. And there is also nonce, but browser still for some reason block script loading.
Actually isn’t that big risk, if at all. CSP is very unreliable way, and security will fall anyway because there is quite big must to allow everything, if one want keep things in work.
But for you that is quite easy dilemma: do you really need that extra layer of security or do you need google tags? Or can you use Matomo instead?
welcome to Meta 
