After upgrading to 2.3.5 the following errors are logged in the browser console
[Report Only] Refused to load the script 'https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=' because it violates the following Content Security Policy directive:
[Report Only] Refused to load the script 'https://fast.a.klaviyo.com/media/js/analytics/klaviyo_analytics.js?v=5' because it violates the following Content Security Policy directive:
[Report Only] Refused to connect to 'https://fast.a.klaviyo.com/onsite/api/v2/modules?company_id=' because it violates the following Content Security Policy directive:
After upgrading to 2.3.5 the following errors are logged in the browser console
This is caused by a new module in 2.3.5 module-csp and can be resolved by adding Klaviyo domains to the Content Security Policy in a csp_whitelist.xml file. See https://devdocs.magento.com/guides/v2.3/extension-dev-guide/security/content-security-policies.html