We are using Apache2 on our server, which is behind Cloudflare (free plan).

I am currently implementing Google's reCAPTCHA, which requires me to make changes to our CSP headers. What I did:

  1. Change CSP in Apache
  2. Run apachectl configtest - all OK
  3. Restart Apache
  4. Check if CSP is working & reCAPTCHA gets loaded -> for the first 1-2 page visits it did work, but then I got the error: "Refused to load https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js because it does not appear in the script-src directive of the Content Security Policy." Browser: Safari without any add-ons. I reloaded a few more times and got the error every 2-3 page reloads.
  5. To see if my CSP is the issue, I removed the CSP headers completely & restarted Apache
  6. Reloaded the page, but every 2 or 3 reloads I get the above error message again.
  7. I checked the response headers and saw that every few page reloads the old CSP headers, which I had deleted before, are returned.

What could be the issue? I assume that this issue is related to Cloudflare. I already purged Cloudflare caches and set the TTL to "Respect existing headers", but no change. I also tried it on Chrome and FF, no luck. Am I missing something here?

Those are the response headers when it is working: [screenshot not preserved]

Those are the response headers when it is not working (i.e. with the old CSP values): [screenshot not preserved]

1 Answer

After nothing helped, I stopped Apache to see if it actually stops. Lo and behold, my site was still reachable. After running the command ps aux | grep apache I saw 4 processes still running. I ran killall -9 apache2 and then started Apache again, and voilà, it's working.

So I guess that due to a previous error or overload, multiple Apache processes were running, which resulted in the weird behavior.
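
A way to check for the condition this answer describes, as an added example that is not part of the original answer: the first function lists apache2 processes older than the last restart, the second counts how many different CSP values a series of responses returned. Function names and both sample inputs are constructed; on a live host the input would come from `ps -eo pid=,etimes=,comm=` and from repeated `curl -sI` calls against the site.

```bash
#!/usr/bin/env bash
# Added example; function names and sample data are constructed for illustration.

# stdin: output of `ps -eo pid=,etimes=,comm=` (etimes = process age in seconds).
# $1:    seconds since the restart was issued.
# Prints the PIDs of apache2 processes that are older than the restart.
stale_apache_pids() {
    awk -v since="$1" '$3 == "apache2" && $2 > since { print $1 }'
}

# stdin: several `curl -sI` responses, one after another.
# Prints the number of distinct Content-Security-Policy values seen; a response
# without the header counts as "(none)". More than 1 means the responses were
# not all produced from the same configuration.
csp_variant_count() {
    awk '
        { sub(/\r$/, "") }                      # curl keeps the CRLF line ends
        /^HTTP\// { if (seen) print csp; csp = "(none)"; seen = 1; next }
        tolower($0) ~ /^content-security-policy:/ {
            sub(/^[^:]*:[ \t]*/, ""); csp = $0  # keep only the policy value
        }
        END { if (seen) print csp }
    ' | sort -u | wc -l | tr -d ' '
}

# Constructed ps sample: restart issued 60 s ago, two workers are a day old.
SAMPLE_PS=' 812 86400 apache2
 815 86399 apache2
4301 58 apache2
4302 57 apache2
 990 86400 sshd'

# Constructed header sample: three responses, the second carries an old policy.
SAMPLE_HEADERS="HTTP/2 200
content-type: text/html

HTTP/2 200
content-type: text/html
content-security-policy: script-src 'self'

HTTP/2 200
content-type: text/html
"

echo "stale PIDs:   $(printf '%s\n' "$SAMPLE_PS" | stale_apache_pids 60 | tr '\n' ' ')"
echo "CSP variants: $(printf '%s' "$SAMPLE_HEADERS" | csp_variant_count)"
```

Any PID printed by the first function after a restart, or a variant count above 1 for the same URL, points to old processes still answering requests alongside the new ones.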