Main_Page:1 Refused to load the image 'https://www.gnu.org/graphics/gplv3-or-later.png' because it violates the following Content Security Policy directive: "default-src 'self' blob: data: *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org *.stripe.com *.twitch.tv *.fastly.net *.facebook.com *.shields.io *.bilibili.com *.163.com discord.com googleusercontent.com imgbox.com cdnjs.cloudflare.com cdn.jsdelivr.net reddit.com *.reddit.com redd.it *.redd.it redditmedia.com *.redditmedia.com dropbox.com *.dropbox.com dropboxstatic.com *.dropboxstatic.com disqus.com *.disqus.com *.nicovideo.jp lh3.googleusercontent.com db.onlinewebfonts.com wikiapiary.com *.vimeo.com *.googleusercontent.com *.imgbox.com 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
We load content from www.gnu.org in https://github.com/miraheze/mw-config/blob/master/LocalWiki.php#L240 on some wikis but the site isn't whitelisted.